AMD Ryzen and Epyc platforms at risk: More than a dozen critical security flaws discovered

These? Meltdown also uses side channel attack discussed long time ago. Still AMD CPU's are immune to it while Intel's are not.

So until there is POC of Spectre 2 for AMD, there is no reason to believe AMD is vulnerable.

Meltdown is Intel's own fault, but the OS level patches actually fixes meltdown and has been affirmatively demonstrated to do so. But don't believe for a moment a that AMD is immune to Spectre. The Spectre variants are just thin slice of the side channel attacks possible, time is in favor of the people trying to attack the processors, Intel, AMD, Arm, etc. Focusing on a specific variant is being stuck to a tree and forgetting the forest, and that tree may be in the process of being eaten by termites. It is like saying your immune to influenza H3N1 but wide open to the rest.

Technology is not religion, belief doesn't magically make anything better, but you can go on and bury your head in the sand, and believe what you want.
 
Meltdown is Intel's own fault, but the OS level patches actually fixes meltdown and has been affirmatively demonstrated to do so. But don't believe for a moment a that AMD is immune to Spectre. The Spectre variants are just thin slice of the side channel attacks possible, time is in favor of the people trying to attack the processors, Intel, AMD, Arm, etc. Focusing on a specific variant is being stuck to a tree and forgetting the forest, and that tree may be in the process of being eaten by termites. It is like saying your immune to influenza H3N1 but wide open to the rest.

Technology is not religion, belief doesn't magically make anything better, but you can go on and bury your head in the sand, and believe what you want.

Intel has fixed Meltdown but with quite huge performance penalty. This whole Spectre/Meltdown is about architecture and if AMD's architecture is made so that Meltdown does not work, why it's not possible that same applies to Spectre too?
 
Intel has fixed Meltdown but with quite huge performance penalty.

You sure like to make "huge" hyperboles. This is what Techspot has written:

https://www.techspot.com/article/1554-meltdown-flaw-cpu-performance-windows/
"
Well, there you have it. Desktop users have little to worry about in terms of performance loss, particularly gamers. We've yet to test older CPUs, but given the type of workloads we’re seeing impacted by the patch, I don’t think there’s going to be an issue with any desktop hardware, but we’ll certainly report back if there is.
"
and in their follow-up article see:
https://www.techspot.com/article/1556-meltdown-and-spectre-cpu-performance-windows/page4.html

"
We consistently saw less than a 5% reduction in gaming performance, you’re looking at around a 3-4% drop for the most part when CPU limited, less when GPU limited. SSD performance doesn’t impact frame rates, we’ve seen this when comparing slow hard drives with ultra snappy SSDs, there’s really nothing to gain there.
"

This whole Spectre/Meltdown is about architecture and if AMD's architecture is made so that Meltdown does not work, why it's not possible that same applies to Spectre too?

Do you do CPU architecture design? Here is a simple analogy for you. Let say Intel made cars with normal tires, but an in there design they did not have a spot for spare tire. AMD on the other hand had run-flat tires. So obviously the nail on the road would disable Intel's cars. So the patch was to sacrifice so trunk space and have the spare tire. Now that does NOT mean the AMD car and Intel car are any more immune to say police spike strips or road side IEDs. The same does NOT apply.
 
Complete BS from your part. This isn't about being biased about AMD. In fact you should be appalled that something this shady is happening and some people are taking it seriously.
Even if the exploits do indeed exists, it has been stated multiple times in multiple places that this has been blown out of proportion intentionally. You need to have root access, vendor singed drivers and flash the bios? Seriously? It's just a smear campaign no matter how you slice it and it's normal for people to link it to Intel since they benefit the most from it (even if they had nothing to do with this).

Not bullshit mate. The knee jerk reaction on these flaws by many well known AMD fanboys *cough* hard reset *cough* on here was to condemn Intel (many still do) over spectre and meltdown vulnerabilities. The same people instantly claimed this to be fake. It’s very telling.

I think it’s fake, always did. My job requires me to be weary of potential exploits. Fortunately I don’t need to put any extra hours in this time as we exclusively run Intel systems across our national network.

However the reactions from people on it have been very telling. I must say I’m not “appalled” that someone would attempt to “smear” AMD. I see people trying to do that everyday! And on the flip side, people like AdoredTV blatantly and routinely smear Intel, I bet that doesn’t “appall” you! If it even is a smear, there is a chance it might not be. All the tubers etc state that it could be a genuine vulnerability but that the report is an attack or smear attempt and that hey don’t know yet.

Oh and I have the access required to thousands of machines of a FTSE 100 company. All someone would need to do is take control of my PC in our secure NOC and they could inflict huge amounts of damage via these vulnerabilities if they are real and if we used AMD. Sure for home users a hacker will need physical contact with the machine. But anyone making the time and effort to put into an attack is not going to bother with a solitary machine. But don’t worry mate, I won’t think an less of you for being unaware :).
 
You sure like to make "huge" hyperboles. This is what Techspot has written:

https://www.techspot.com/article/1554-meltdown-flaw-cpu-performance-windows/
"
Well, there you have it. Desktop users have little to worry about in terms of performance loss, particularly gamers. We've yet to test older CPUs, but given the type of workloads we’re seeing impacted by the patch, I don’t think there’s going to be an issue with any desktop hardware, but we’ll certainly report back if there is.
"
and in their follow-up article see:
https://www.techspot.com/article/1556-meltdown-and-spectre-cpu-performance-windows/page4.html

"
We consistently saw less than a 5% reduction in gaming performance, you’re looking at around a 3-4% drop for the most part when CPU limited, less when GPU limited. SSD performance doesn’t impact frame rates, we’ve seen this when comparing slow hard drives with ultra snappy SSDs, there’s really nothing to gain there.
"



Do you do CPU architecture design? Here is a simple analogy for you. Let say Intel made cars with normal tires, but an in there design they did not have a spot for spare tire. AMD on the other hand had run-flat tires. So obviously the nail on the road would disable Intel's cars. So the patch was to sacrifice so trunk space and have the spare tire. Now that does NOT mean the AMD car and Intel car are any more immune to say police spike strips or road side IEDs. The same does NOT apply.
You are clearly misreading those performance numbers and you also don't understand that it wasn't windows and "gaming" that suffered these performance hits (at least beyond the random 4k IO hdd issues).

Have you even looked at Amazon's AWS forum (or maybe at MS's Azure) where people have multiple reports with numbers and examples of how their VMs and other workloads got hit hard (with more than the 30% mentioned by many news outlets)? Many were forced to upgrade their plans to the next tier.
Have you looked at some of the numbers published by gaming companies from their own servers? Eve Online devs showed a nice graph where their API server was using for some operations as much as 2x more CPU resources after they patched it (and they decided to delay the patch for the main game server because of this problem)

Your analogy also doesn't make sense and can't be used as an example in this case. You are just comparing apples with rocks.

The "huge hyperbole" was actually smaller than what really happened in real life for many. But hey, we should ignore everything else because gaming performance is all that matters.
 
Not bullshit mate. The knee jerk reaction on these flaws by many well known AMD fanboys *cough* hard reset *cough* on here was to condemn Intel (many still do) over spectre and meltdown vulnerabilities. The same people instantly claimed this to be fake. It’s very telling.

I think it’s fake, always did. My job requires me to be weary of potential exploits. Fortunately I don’t need to put any extra hours in this time as we exclusively run Intel systems across our national network.

However the reactions from people on it have been very telling. I must say I’m not “appalled” that someone would attempt to “smear” AMD. I see people trying to do that everyday! And on the flip side, people like AdoredTV blatantly and routinely smear Intel, I bet that doesn’t “appall” you! If it even is a smear, there is a chance it might not be. All the tubers etc state that it could be a genuine vulnerability but that the report is an attack or smear attempt and that hey don’t know yet.

Oh and I have the access required to thousands of machines of a FTSE 100 company. All someone would need to do is take control of my PC in our secure NOC and they could inflict huge amounts of damage via these vulnerabilities if they are real and if we used AMD. Sure for home users a hacker will need physical contact with the machine. But anyone making the time and effort to put into an attack is not going to bother with a solitary machine. But don’t worry mate, I won’t think an less of you for being unaware :).
Nobody cares about what AdoredTV says (or you opinion about them) and you should not use it as an example to do what basically amounts to cheap snarky insults. You can be sarcastic all you want, it won't change the simple fact that the people you are dissing right now are actually correct.

If you already have access to reflash the bios of a system then it doesn't matter if it's AMD, Intel, ARM or anything else - that system is screwed. And I doubt you also have fake singed vendor drivers which are required for most of those exploits. From the reports I've read so far, all of these flaws seem to be nothing more than basic programing issues known for decades.

In the end you just don't like the attitude taken by most people here.
 
You sure like to make "huge" hyperboles. This is what Techspot has written:

https://www.techspot.com/article/1554-meltdown-flaw-cpu-performance-windows/
"
Well, there you have it. Desktop users have little to worry about in terms of performance loss, particularly gamers. We've yet to test older CPUs, but given the type of workloads we’re seeing impacted by the patch, I don’t think there’s going to be an issue with any desktop hardware, but we’ll certainly report back if there is.
"
and in their follow-up article see:
https://www.techspot.com/article/1556-meltdown-and-spectre-cpu-performance-windows/page4.html

"
We consistently saw less than a 5% reduction in gaming performance, you’re looking at around a 3-4% drop for the most part when CPU limited, less when GPU limited. SSD performance doesn’t impact frame rates, we’ve seen this when comparing slow hard drives with ultra snappy SSDs, there’s really nothing to gain there.
"

Then how about this one? https://www.techrepublic.com/articl...ll-slow-linux-systems-warns-netflix-engineer/

A Netflix engineer has warned of the potentially "massive overhead" of patching Linux-based systems against the Meltdown CPU flaw.

Brendan Gregg found that updates to the Linux kernel to mitigate the risk from Meltdown added anywhere between 1% to 800% overhead, depending on the nature of the workload.

Good luck with 800% overhead "(y)"

For certain situations, that's deal breaker.

Do you do CPU architecture design? Here is a simple analogy for you. Let say Intel made cars with normal tires, but an in there design they did not have a spot for spare tire. AMD on the other hand had run-flat tires. So obviously the nail on the road would disable Intel's cars. So the patch was to sacrifice so trunk space and have the spare tire. Now that does NOT mean the AMD car and Intel car are any more immune to say police spike strips or road side IEDs. The same does NOT apply.

There might be (and probably is) other vulnerabilities that affect on AMD CPU's too. But for Meltdown, AMD made their CPU check memory privileges before even starting to speculative execution. So AMD's architecture makes it immune to Meltdown. So using your analogy, we are still waiting police spike strips and IED's that work for AMD CPU.
 
Then how about this one? https://www.techrepublic.com/articl...ll-slow-linux-systems-warns-netflix-engineer/
...
Good luck with 800% overhead "(y)"

For certain situations, that's deal breaker.

And from you same article, the same engineer said
"
Practically, I'm expecting the cloud systems at my employer (Netflix) to experience between 0.1% and 6% overhead with KPTI due to our syscall rates, and I'm expecting we'll take that down to less than 2% with tuning.
"

How do you square the corner case of 800% vs 2%? "Huge" hyperbole.

So using your analogy, we are still waiting police spike strips and IED's that work for AMD CPU.
How about something more mundane, like a couple feet of snow, like what we can get in the upper midwest or recently those nor'easter . That is enough to make sure the cars slide everywhere end up in the ditches.

Point being that immune from one does NOT in general by and large mean you are immune from another. You are by and large assigning god like abilities to AMD, which is reflected in your worship.
 
Last edited:
And from you same article, the same engineer said
"
Practically, I'm expecting the cloud systems at my employer (Netflix) to experience between 0.1% and 6% overhead with KPTI due to our syscall rates, and I'm expecting we'll take that down to less than 2% with tuning.
"

How do you square the corner case of 800% vs 2%? "Huge" hyperbole.


How about something more mundane, like a couple feet of snow, like what we can get in the upper midwest or recently those nor'easter . That is enough to make sure the cars slide everywhere end up in the ditches.

Point being that immune from one does NOT in general by and large mean you are immune from another. You are by and large assigning god like abilities to AMD, which is reflected in your worship.
"at my employer", "our syscalls" - kinda says it all. you kinda confirmed what we were saying to you. it's actually really funny :D
 
"at my employer", "our syscalls" - kinda says it all. you kinda confirmed what we were saying to you. it's actually really funny :D

You do realize you can change the frequency to make the syscalls. Writing inefficient code that pounds at the OS with lots of syscalls while achieving very little progress for the workload is very silly. Actually really funny that you think that is how code should behave. You can aggregate the calls into one call for a bunch of request if you can pool and buffer the requests. The same can be done for interrupt requests. Any half decent software engineer knows how to do this, and how to tune and optimize for this.
 
And from you same article, the same engineer said
"
Practically, I'm expecting the cloud systems at my employer (Netflix) to experience between 0.1% and 6% overhead with KPTI due to our syscall rates, and I'm expecting we'll take that down to less than 2% with tuning.
"

How do you square the corner case of 800% vs 2%? "Huge" hyperbole.

They have low syscall loads then. Some other companies have much higher.

How about something more mundane, like a couple feet of snow, like what we can get in the upper midwest or recently those nor'easter . That is enough to make sure the cars slide everywhere end up in the ditches.

Point being that immune from one does NOT in general by and large mean you are immune from another. You are by and large assigning god like abilities to AMD, which is reflected in your worship.

AMD seems to be more protected. As AMD stated, they believe it's very hard to make Spectre 2 to work with AMD. And AMD seems to be right. Still waiting for POC...
 
You do realize you can change the frequency to make the syscalls. Writing inefficient code that pounds at the OS with lots of syscalls while achieving very little progress for the workload is very silly. Actually really funny that you think that is how code should behave. You can aggregate the calls into one call for a bunch of request if you can pool and buffer the requests. The same can be done for interrupt requests. Any half decent software engineer knows how to do this, and how to tune and optimize for this.
not everything can be optimised like that. some workloads just have a lot of syscalls, there's no way around it or at least no sensible way that makes sense from a time and monetary standpoint. most of the time it's just much much cheaper and faster to just upgrade your server tier/plan.
 
Point being that immune from one does NOT in general by and large mean you are immune from another. You are by and large assigning god like abilities to AMD, which is reflected in your worship.

You seem awfully defensive, might not want to take such a strong stance until you see how all of this pans out.
 
It's fake in the sense that even if these 'vulnerabilities' are real, if you can call them that, it's not really a big deal. You could probably steal my car if I gave you the keys, hard to call that a vulnerability :)
But if it's real there are some real problems. I don't even want to go there.
 
Nobody cares about what AdoredTV says (or you opinion about them) and you should not use it as an example to do what basically amounts to cheap snarky insults. You can be sarcastic all you want, it won't change the simple fact that the people you are dissing right now are actually correct.

If you already have access to reflash the bios of a system then it doesn't matter if it's AMD, Intel, ARM or anything else - that system is screwed. And I doubt you also have fake singed vendor drivers which are required for most of those exploits. From the reports I've read so far, all of these flaws seem to be nothing more than basic programing issues known for decades.

In the end you just don't like the attitude taken by most people here.
You are very accurate. The attitude of a select few on here is that everything AMD does is magic and would never ever do anything bad. But that on the flip side Intel are an evil money grabbing corporation whose executives find new ways to scam customers out of money and force competition from the marketplace. This fantasy world isn’t real. Both companies are as bad as each other.

There is no evidence on whether this is true or not. No one can 100% say that this is fake news. But that doesn’t stop the AMD fandom declaring it fake news outright. I think it probably is fake news but if it turns out not to be and these vulnerabilities are real then people like you are going to look remarkably stupid.

A neutrals perspective would definitely be holding some skepticism at this point. A fanboy would dismis it out of hand before these vulnerability are properly investigated. Oh and I speak as someone who works in a secure network operations center, it’s my job to protect systems from attack. As a professional, despite this looking like bullshit we would definitely be taking it seriously if we used AMD systems. But then again, hardly any corporations do these days.
 
There is no evidence on whether this is true or not. No one can 100% say that this is fake news. But that doesn’t stop the AMD fandom declaring it fake news outright. I think it probably is fake news but if it turns out not to be and these vulnerabilities are real then people like you are going to look remarkably stupid.

A neutrals perspective would definitely be holding some skepticism at this point. A fanboy would dismis it out of hand before these vulnerability are properly investigated. Oh and I speak as someone who works in a secure network operations center, it’s my job to protect systems from attack. As a professional, despite this looking like bullshit we would definitely be taking it seriously if we used AMD systems. But then again, hardly any corporations do these days.

Even if those news are NOT fake, then this whole thing is nothing more smear campaign against AMD.

Let's face it. Even if those claims are true, there are gazillions of Intel devices with Asmedia USB chips. That means Intel platforms are in trouble too. Any word about Intel platforms with Asmedia chips? Nope.

That summarizes it all.
 
Back