• Computers
  • New CPU HARDWARE vulnerabilities called Spectre and Meltdown .. And SONAR? (p.2)
2018/01/08 20:49:18
CakeAlexSHere
Yeah well I've tested the patch performance and could not tell the difference (maybe 5% then). After running tests via powershell the patch isn't a full security solution, I probably need a motherboard upgrade. As my motherboard is from 2010 that's probably never going to happen.
2018/01/08 20:49:42
CakeAlexSHere
Dupe.
2018/01/08 22:07:31
abacab
List of Meltdown and Spectre Vulnerability Advisories, Patches, & Updates
https://www.bleepingcompu...s-patches-and-updates/
2018/01/11 20:35:29
azslow3
My thoughts...
Note, that is IMHO.
 
Both vulnerabilities theoretically allow a program running on your computer access any data in memory of your computer. So to have ANY impact, your computer should RUN that "bad" program. That can be:
a) JavaScript in your browser. So your Browser MUST BE PATCHED NOW. Probably there is some performance penalty, but note that JavaScript IS NOT a binary code. So I guess that penalty is minimal if at all noticeable. That should make your computer SAFE for Meldown and Spectre (if browser developer do this right... but if they do not, you can be attacked by 1000+ other vulnerabilities, so nothing new here).
b) since I guess you are not allow arbitrary people run arbitrary programs on YOUR computer (if you do, you can have more problems then just with meltdown), if the bad program is there, you already have a virus. Not good, but nothing new (any virus can read all your data in any case). The situation is SIGNIFICANTLY DIFFERENT for computer resources providers like cloud services, web hosters, etc. They ALLOW many people run ARBITRARY programs. I repeat, on a private computer, (b) is NOT a problem at all. But IF YOU ARE A VOLUNTEER in scientific calculations (f.e. BOINC), I recommend to TEMPORARILY STOP that activity till the situation is clarified.
 
So, for a DAW computer... Not installing OS patches (or disabling them) does not make your computer less secure. But I repeat, if your computer is connected to the Internet, patches for Browser is A MUST.
 
Well. MS and other OS providers do not want to go into details. So they give you patches even if you can not profit from them (as collecting telemetry and running other useless for you tasks). So lets think which impact such patches can have on a DAW.
The "brick wall" is applied on process switches. So when the program asks OS for some activity:
* audio/midi recording is a tiny operation for modern systems. Even if that is "slowed down" by a factor of 10, you probably will not notice (have you seen any difference in RECORDING to PCIe SSD vs SATA SSD vs HDD?)
* loading huge sample libraries can be hit, especially from PCIe SSDs.
* Audio I/O theoretically can be hit. But that is FIXED SPEED operation (unlike loading samples, it make no sense to "send music faster". So, if there is some impact, for the system in general it has absolute upper limit. I do not think that can be noticed.
 
The "heavy job" is done within plug-ins. They are running inside the DAW (till bridged 32bit in 64 DAW...). So like games, most critical for a DAW operations are not affected.
 
2018/01/11 20:42:14
abacab
I think hosted cloud services at probably most at risk.  Many users running on shared hardware.  The possibility of accessing anybody's data in memory could be a huge risk.
 
But for the average single user machine, probably business as usual.  Just keep the malware out and and the browser locked down and you should be fine.
2018/01/11 20:55:38
CakeAlexSHere
Well..

From Microsoft source:

https://cloudblogs.micros...ns-on-windows-systems/

"With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.

With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.

With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance."
2018/01/11 23:13:04
abacab
It's obviously a Microsoft conspiracy to push everyone onto Windows 10.  And also Intel benefits when everyone jumps early onto a hardware replacement cycle...  /tinfoil off 
2018/01/21 02:05:57
mudgel
The following link will run a tool that tells you your current PCs exposure to meltdown and Spectre.

https://www.grc.com/inspectre.htm

After you’ve undertaken whatever mitigation processes are available to you run the link again to see how effective the process has been.

In my case Meltdown was taken care of by applying the specific Windows update.

An updated BIOS took care of the Spectre problem. On running the link again it showed both processes were successful in mitigating Meltdown and Spectre effects with no real performance penalty.
2018/01/21 02:35:00
abacab
Unfortunately some systems will never see the BIOS updates.  Out of warranty computers and motherboards are probably going to remain at risk, with the OS patches dependent on the hardware fixes.
 
If that is the case, controlling the code that executes on your PC is your only option.  If you only run trusted executables on the local machine, then it would be wise to limit the scripts that run in your browser whenever you visit a website.  The vulnerability can only be exploited if you allow exploit code to run locally, and 3rd party scripts would be the main source of that risk.
12
© 2024 APG vNext Commercial Version 5.1

Use My Existing Forum Account

Use My Social Media Account