New CPU HARDWARE vulnerabilities called Spectre and Meltdown .. And SONAR?

aidanodr
Max Output Level: -83 dBFS
  • Total Posts : 389
  • Joined: 2013/10/12 12:12:58
  • Status: offline
2018/01/04 17:29:47 (permalink)


 
MODS: sorry if this was posted about already or in the wrong place - I did a search for Spectre and Meltdown, found no post yet with same. ALSO .. I am having issues with my posts disappearing if I edit them ..
 
‘Spectre’ and ‘Meltdown’: New CPU vulnerabilities affect most smartphones and computers
 
The tech industry has been all a buzz over the last 48 hours with talk about a fundamental flaw in Intel’s CPUs that makes it easy for malware to steal sensitive data (like passwords, cryptographic keys and banking information) directly from memory, memory that would normally be off limits. We now have the first concrete details about the issue, and as it turns out, there are actually two vulnerabilities, dubbed by security researchers ‘Meltdown’ and ‘Spectre’ and they affect other platforms besides Intel’s.

 
These two vulnerabilities are HARDWARE VULNERABILITIES independent of your OS & software. They affect all your devices whether Windows, OS X, Linux and Android.
 
From the other article below:
 
A complete fix for Meltdown and Spectre is going to require a CPU replacement. As CERT says, the solution is to “Replace CPU Hardware”.

 
The Impact of Meltdown & Spectre Vulnerabilities
 
I urge ye to read both or especially the Defiant article on this.
 
By the looks of this .. it could be MASSIVE. It potentially renders many legacy devices in place as major security risks and untrustable?
 
Apparently the OS patches coming shortly could also drop the machine's performance by up to 30%
 
Again I stress .. these are HARDWARE VULNERABILITIES in your Processor Chip & it affects Apple, Windows, Linux & Android plus I imagine any other device using similar Intel chips ..
 
Meltdown and Spectre: ‘worst ever’ CPU bugs affect virtually all computers
 
Serious security flaws that could let attackers steal sensitive data, including passwords and banking information, have been found in processors designed by Intel, AMD and ARM.

 
So that's pretty much affecting everything?
 
With this 30% performance hit and new major OS patches coming fast .. I wonder could this have a major effect on SONAR? Could this be the one??
#1
CakeAlexSHere
Max Output Level: -82 dBFS
  • Total Posts : 428
  • Joined: 2016/05/19 12:03:48
  • Status: offline
Re: New CPU HARDWARE vulnerabilities called Spectre and Meltdown .. And SONAR? 2018/01/04 17:34:14 (permalink)
For Windows 5-30% performance hit.
Sonar runs on Windows.
Patch will be applied this Tues or first Tues in Feb.
You could try to delay updates if you have Windows 10 Pro via group policy.
#2
aidanodr
Max Output Level: -83 dBFS
  • Total Posts : 389
  • Joined: 2013/10/12 12:12:58
  • Status: offline
Re: New CPU HARDWARE vulnerabilities called Spectre and Meltdown .. And SONAR? 2018/01/04 17:50:20 (permalink)
https://www.bleepingcomputer.com/news/microsoft/how-to-check-and-update-windows-systems-for-the-meltdown-and-spectre-cpu-flaws/
 
How to Check and Update Windows Systems for the Meltdown and Spectre CPU Flaws
 
 
#3
aidanodr
Max Output Level: -83 dBFS
  • Total Posts : 389
  • Joined: 2013/10/12 12:12:58
  • Status: offline
Re: New CPU HARDWARE vulnerabilities called Spectre and Meltdown .. And SONAR? 2018/01/04 18:15:16 (permalink)
Meltdown and Spectre: How chip hacks work
As technology companies race to fix two major vulnerabilities found in computer chips, the ways in which those chips could theoretically be targeted by hackers are becoming clear.
Collectively, Meltdown and Spectre affect billions of systems around the world - from desktop PCs to smartphones.
So why are so many different devices vulnerable - and what is being done to fix things?

 
Quick interesting article for you if into wanting to know how these two vulnerabilities work and how they can be used. Not too technical.
 
It would seem the patches coming out resolve Meltdown, but Spectre will be harder to fix.
 
Patching Spectre is going to be harder because the weaknesses it exploits are used so widely on modern machines.
Processors try to break requests into multiple tasks they can deal with separately to gain any amount of speed improvement where they can, even on a small scale.
Many of the ways they do this look like they can be monitored via Spectre to gain information about what the chip is up to.
Patching this directly - essentially changing the way these chunks of silicon work - probably won't be attempted initially, but altering the way that other bits of software on computers work to prevent exploitation of Spectre should help limit the risk to users.
More worryingly, the researchers who found the bug said the "practicality" of producing fixes for existing processors was "unknown".

#4
tlw
Max Output Level: -51.5 dBFS
  • Total Posts : 2397
  • Joined: 2008/10/11 22:06:32
  • Location: West Midlands, UK
  • Status: offline
Re: New CPU HARDWARE vulnerabilities called Spectre and Meltdown .. And SONAR? 2018/01/04 23:14:30 (permalink)
CakeAlexSHere
For Windows 5-30% performance hit.


More accurately, it’s a potential 5-30% (some industry sources say 200%) performance hit on some operations carried out by cpus. Software that calls a lot of those operations will be hit harder than software that doesn’t.

For what it’s worth Apple released High Sierra 10.13.2 update nearly a month ago and it contained their Meltdown patch. The noticeable effect on any of our Macs has been zero. The one running Logic has needed no increase in audio buffers, and seems quite unaffected in any other way.

It seems the other computer use that hits cpus hard, gaming, isn’t affected much either.

It’s server/Cloud farms handling big databases and web servers that will be hit hardest because what they do does use the affected cpu calls a lot.

Sonar Platinum 64bit, Windows 8.1 Pro 64bit, I7 3770K Ivybridge, 16GB Ram, Gigabyte Z77-D3H m/board,
ATI 7750 graphics+ 1GB RAM, 2xIntel 520 series 220GB SSDs, 1 TB Samsung F3 + 1 TB WD HDDs, Seasonic fanless 460W psu, RME Fireface UFX, Focusrite Octopre.
Assorted real synths, guitars, mandolins, diatonic accordions, percussion, fx and other stuff.
#5
aidanodr
Max Output Level: -83 dBFS
  • Total Posts : 389
  • Joined: 2013/10/12 12:12:58
  • Status: offline
Re: New CPU HARDWARE vulnerabilities called Spectre and Meltdown .. And SONAR? 2018/01/05 01:05:46 (permalink)
Yes .. the Meltdown vulnerability is the easiest one to resolve it seems. The OS patches should sort.
 
However the problem one is SPECTRE. Seems no patch for this yet and maybe never, which gives us headlines like in this Friday's FT:
 

#6
aidanodr
Max Output Level: -83 dBFS
  • Total Posts : 389
  • Joined: 2013/10/12 12:12:58
  • Status: offline
Re: New CPU HARDWARE vulnerabilities called Spectre and Meltdown .. And SONAR? 2018/01/05 09:58:22 (permalink)
Testing Windows 10 Performance Before and After the Meltdown Flaw Emergency Patch
 
Because of the nature of Meltdown and Spectre, the patches have to come at the OS level, and there's a possibility of performance loss. On the upside for consumers, desktop computing and gaming may not be as affected as other intensive tasks more commonly seen in server and database applications.

 
For those interested .. Loads of tests on the before / after applying MELTDOWN patch with respect to performance.
Note - there is no SPECTRE patch as of yet as far as I know. The above is just the recent patches released which apparently just patched MELTDOWN.
#7
abacab
Max Output Level: -42 dBFS
  • Total Posts : 3314
  • Joined: 2014/12/31 19:34:07
  • Status: offline
Re: New CPU HARDWARE vulnerabilities called Spectre and Meltdown .. And SONAR? 2018/01/05 22:09:01 (permalink)
Just received an update to my Firefox browser today that is intended as a short term mitigation for the Spectre attack.
 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/
 
 

DAW: Sonar Platinum; Sonar Home Studio; Studio One 3 Pro; Tracktion Waveform; Ableton Live  Other: AIR AIEP; Akai VIP; BIAB; Ignite; iZotope Iris 2; Overture; SampleTank 3; SONiVOX; SynthMaster; Syntronik  OS: Win10 Pro x64 1703  System: Homebuilt Asus; i3 3.4Ghz; 8GB DDR3; Intel HD Graphics; Dual Monitors; Samsung EVO 850 SSD, 250GB; WD 1.0TB 7200rpm; PCIe FireWire  Audio: M-Audio FW-410  Controllers: A-300PRO; Alesis VX49; CME Xkey  Hardware: Roland JV880; JV1080; XP-30; Alesis QS-6; Casio CZ-1000
#8
slartabartfast
Max Output Level: -24 dBFS
  • Total Posts : 5136
  • Joined: 2005/10/30 01:38:34
  • Status: offline
Re: New CPU HARDWARE vulnerabilities called Spectre and Meltdown .. And SONAR? 2018/01/06 22:23:21 (permalink)
An added problem is that there is speculation that an OS software patch alone will not work without an updated BIOS. Considering the incredible variety of motherboards and BIOS versions available, and the limited resources of many motherboard manufacturers, it is likely that no such BIOS updates will be available in the near future (if ever) for many systems.
#9
abacab
Max Output Level: -42 dBFS
  • Total Posts : 3314
  • Joined: 2014/12/31 19:34:07
  • Status: offline
Re: New CPU HARDWARE vulnerabilities called Spectre and Meltdown .. And SONAR? 2018/01/07 01:40:20 (permalink)
Best advice...remain calm, don't panic! 
 
This is click bait news at the moment!  The exploits are theoretical proof of concepts, that will be mitigated eventually.
 
I will keep up with the news, and update as needed.  Using system images from which I can easily roll back the updates, if needed due to problems introduced by the updates.

#10
CakeAlexSHere
Max Output Level: -82 dBFS
  • Total Posts : 428
  • Joined: 2016/05/19 12:03:48
  • Status: offline
Re: New CPU HARDWARE vulnerabilities called Spectre and Meltdown .. And SONAR? 2018/01/08 20:49:18 (permalink)
Yeah well I've tested the patch performance and could not tell the difference (maybe 5% then). After running tests via powershell the patch isn't a full security solution, I probably need a motherboard upgrade. As my motherboard is from 2010 that's probably never going to happen.
#11
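The situation reported in the post above (OS patch installed, firmware support missing), as an added example that is not from any poster: a PowerShell function that interprets the settings object returned by `Get-SpeculationControlSettings` from Microsoft's SpeculationControl module. It is an assumption that this is the kind of check meant; `Get-MitigationVerdict` and the sample object are constructed for illustration, and the Spectre check covers only the branch target injection (BTI) variant.

```powershell
# Added example. Property names are those reported by Get-SpeculationControlSettings
# (SpeculationControl module, January 2018). Get-MitigationVerdict is a hypothetical helper.
function Get-MitigationVerdict {
    param([Parameter(Mandatory)] $Settings)

    # Meltdown: handled by the OS patch alone (kernel VA shadowing).
    if (-not $Settings.KVAShadowRequired) { $meltdown = 'NotAffected' }
    elseif ($Settings.KVAShadowWindowsSupportEnabled) { $meltdown = 'Mitigated' }
    elseif ($Settings.KVAShadowWindowsSupportPresent) { $meltdown = 'PatchInstalledButDisabled' }
    else { $meltdown = 'OsPatchMissing' }

    # Spectre (branch target injection): needs the OS patch AND
    # microcode support delivered through a BIOS/firmware update.
    if ($Settings.BTIWindowsSupportEnabled) { $spectre = 'Mitigated' }
    elseif (-not $Settings.BTIWindowsSupportPresent) { $spectre = 'OsPatchMissing' }
    elseif ($Settings.BTIDisabledByNoHardwareSupport -or -not $Settings.BTIHardwarePresent) {
        $spectre = 'NeedsFirmwareUpdate'
    }
    elseif ($Settings.BTIDisabledBySystemPolicy) { $spectre = 'DisabledByPolicy' }
    else { $spectre = 'Unknown' }

    [pscustomobject]@{ Meltdown = $meltdown; SpectreBTI = $spectre }
}

# Constructed sample: patched Windows on an older board with no BIOS update.
$sample = [pscustomobject]@{
    BTIHardwarePresent             = $false
    BTIWindowsSupportPresent       = $true
    BTIWindowsSupportEnabled       = $false
    BTIDisabledBySystemPolicy      = $false
    BTIDisabledByNoHardwareSupport = $true
    KVAShadowRequired              = $true
    KVAShadowWindowsSupportPresent = $true
    KVAShadowWindowsSupportEnabled = $true
    KVAShadowPcidEnabled           = $false
}

# Use the real cmdlet when the module is installed, otherwise the sample.
if (Get-Command Get-SpeculationControlSettings -ErrorAction SilentlyContinue) {
    $settings = Get-SpeculationControlSettings
}
else {
    $settings = $sample
}

Get-MitigationVerdict -Settings $settings | Format-List
```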
CakeAlexSHere
Max Output Level: -82 dBFS
  • Total Posts : 428
  • Joined: 2016/05/19 12:03:48
  • Status: offline
Re: New CPU HARDWARE vulnerabilities called Spectre and Meltdown .. And SONAR? 2018/01/08 20:49:42 (permalink)
Dupe.
#12
abacab
Max Output Level: -42 dBFS
  • Total Posts : 3314
  • Joined: 2014/12/31 19:34:07
  • Status: offline
Re: New CPU HARDWARE vulnerabilities called Spectre and Meltdown .. And SONAR? 2018/01/08 22:07:31 (permalink)
List of Meltdown and Spectre Vulnerability Advisories, Patches, & Updates
https://www.bleepingcompu...s-patches-and-updates/

#13
azslow3
Max Output Level: -47.5 dBFS
  • Total Posts : 2795
  • Joined: 2012/06/22 19:27:51
  • Location: Germany
  • Status: offline
Re: New CPU HARDWARE vulnerabilities called Spectre and Meltdown .. And SONAR? 2018/01/11 20:35:29 (permalink) Helpful by abacab 2018/01/11 20:39:05
My thoughts...
Note, that is IMHO.
 
Both vulnerabilities theoretically allow a program running on your computer to access any data in the memory of your computer. So to have ANY impact, your computer should RUN that "bad" program. That can be:
a) JavaScript in your browser. So your Browser MUST BE PATCHED NOW. Probably there is some performance penalty, but note that JavaScript IS NOT a binary code. So I guess that penalty is minimal if at all noticeable. That should make your computer SAFE for Meltdown and Spectre (if browser developers do this right... but if they do not, you can be attacked by 1000+ other vulnerabilities, so nothing new here).
b) since I guess you do not allow arbitrary people to run arbitrary programs on YOUR computer (if you do, you can have more problems than just with Meltdown), if the bad program is there, you already have a virus. Not good, but nothing new (any virus can read all your data in any case). The situation is SIGNIFICANTLY DIFFERENT for computer resources providers like cloud services, web hosters, etc. They ALLOW many people to run ARBITRARY programs. I repeat, on a private computer, (b) is NOT a problem at all. But IF YOU ARE A VOLUNTEER in scientific calculations (f.e. BOINC), I recommend to TEMPORARILY STOP that activity till the situation is clarified.
 
So, for a DAW computer... Not installing OS patches (or disabling them) does not make your computer less secure. But I repeat, if your computer is connected to the Internet, patches for the browser are A MUST.
 
Well. MS and other OS providers do not want to go into details. So they give you patches even if you can not profit from them (as collecting telemetry and running other useless for you tasks). So let's think which impact such patches can have on a DAW.
The "brick wall" is applied on process switches. So when the program asks OS for some activity:
* audio/midi recording is a tiny operation for modern systems. Even if that is "slowed down" by a factor of 10, you probably will not notice (have you seen any difference in RECORDING to PCIe SSD vs SATA SSD vs HDD?)
* loading huge sample libraries can be hit, especially from PCIe SSDs.
* Audio I/O theoretically can be hit. But that is a FIXED SPEED operation (unlike loading samples, it makes no sense to "send music faster"). So, if there is some impact, for the system in general it has an absolute upper limit. I do not think that can be noticed.
 
The "heavy job" is done within plug-ins. They are running inside the DAW (till bridged 32bit in 64 DAW...). So like games, most critical for a DAW operations are not affected.
 

Sonar 8LE -> Platinum infinity (RIP), REAPER, Windows 10 pro
GA-EP35-DS3L, E7500, 4GB, GTX 1050 Ti, 2x500GB
RME Babyface Pro (M-Audio Audiophile Firewire/410, VS-20), Kawai CN43, TD-11, Roland A500S, Akai MPK Mini, Keystation Pro, etc.
www.azslow.com - Control Surface Integration Platform for SONAR
#14
abacab
Max Output Level: -42 dBFS
  • Total Posts : 3314
  • Joined: 2014/12/31 19:34:07
  • Status: offline
Re: New CPU HARDWARE vulnerabilities called Spectre and Meltdown .. And SONAR? 2018/01/11 20:42:14 (permalink)
I think hosted cloud services are probably most at risk.  Many users running on shared hardware.  The possibility of accessing anybody's data in memory could be a huge risk.
 
But for the average single user machine, probably business as usual.  Just keep the malware out and the browser locked down and you should be fine.

#15
CakeAlexSHere
Max Output Level: -82 dBFS
  • Total Posts : 428
  • Joined: 2016/05/19 12:03:48
  • Status: offline
Re: New CPU HARDWARE vulnerabilities called Spectre and Meltdown .. And SONAR? 2018/01/11 20:55:38 (permalink)
Well..

From Microsoft source:

https://cloudblogs.micros...ns-on-windows-systems/

"With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.

With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.

With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance."
#16
abacab
Max Output Level: -42 dBFS
  • Total Posts : 3314
  • Joined: 2014/12/31 19:34:07
  • Status: offline
Re: New CPU HARDWARE vulnerabilities called Spectre and Meltdown .. And SONAR? 2018/01/11 23:13:04 (permalink)
It's obviously a Microsoft conspiracy to push everyone onto Windows 10.  And also Intel benefits when everyone jumps early onto a hardware replacement cycle...  /tinfoil off 

#17
mudgel
Max Output Level: 0 dBFS
  • Total Posts : 11829
  • Joined: 2004/08/13 00:56:05
  • Location: Linton Victoria (Near Ballarat)
  • Status: offline
Re: New CPU HARDWARE vulnerabilities called Spectre and Meltdown .. And SONAR? 2018/01/21 02:05:57 (permalink)
The following link will run a tool that tells you your current PC's exposure to Meltdown and Spectre.

https://www.grc.com/inspectre.htm

After you’ve undertaken whatever mitigation processes are available to you run the link again to see how effective the process has been.

In my case Meltdown was taken care of by applying the specific Windows update.

An updated BIOS took care of the Spectre problem. On running the link again it showed both processes were successful in mitigating Meltdown and Spectre effects with no real performance penalty.

Mike V. (MUDGEL)

STUDIO: Win 10 Pro x64, Cubase Pro 9.5 x64,
PC: ASUS Z370-A, INTEL i7 8700k, 32GIG DDR4 2400, OC 4.7Ghz.
Storage: 7 TB SATA III, 750GiG SSD & Samsung 500 Gig 960 EVO NVMe M.2.
Monitors: Adam A7X, JBL 10” Sub.
Audio I/O & DSP Server: DIGIGRID IOS & IOX.
Screen: Raven MTi + 43" HD 4K TV Monitor.
Keyboard Controller: Native Instruments Komplete Kontrol S88.
#18
abacab
Max Output Level: -42 dBFS
  • Total Posts : 3314
  • Joined: 2014/12/31 19:34:07
  • Status: offline
Re: New CPU HARDWARE vulnerabilities called Spectre and Meltdown .. And SONAR? 2018/01/21 02:35:00 (permalink)
Unfortunately some systems will never see the BIOS updates.  Out of warranty computers and motherboards are probably going to remain at risk, with the OS patches dependent on the hardware fixes.
 
If that is the case, controlling the code that executes on your PC is your only option.  If you only run trusted executables on the local machine, then it would be wise to limit the scripts that run in your browser whenever you visit a website.  The vulnerability can only be exploited if you allow exploit code to run locally, and 3rd party scripts would be the main source of that risk.

#19