Message from @Jignx

Discord ID: 644528782681702400

Goz3rr
2019-11-14 13:22:14 UTC  

intel submitted the patches to GCC today

Jignx
2019-11-14 13:22:50 UTC  

Current Intel hardware mitigations do not cover TAA and current Cascade Lake CPUs remain vulnerable. TAA can allow leaking of data across processes, privilege boundaries and Hyper Threading. With Hyper Threading disabled, TAA can still leak data from protected domains.

Jignx
2019-11-14 13:22:56 UTC  

yikes imagine leaking data even when HT is off

Goz3rr
2019-11-14 13:24:16 UTC  

also the next time you cherrypick benchmarks

Goz3rr
2019-11-14 13:24:17 UTC  

>In this case the assembler update didn't make any difference as Firefox wasn't rebuilt from source as part of the test profile or the Clear Linux revision.

Tervy
2019-11-14 13:25:01 UTC  

so normal usecase for home user ?

Tervy
2019-11-14 13:25:14 UTC  

where ucode is applied but software is not update to match ?(or apt-get repo aint updated) ?

Goz3rr
2019-11-14 13:25:18 UTC  

what do you mean normal use case

Goz3rr
2019-11-14 13:25:21 UTC  

firefox has autoupdater

Goz3rr
2019-11-14 13:25:39 UTC  

it'll be updated soon enough

Jignx
2019-11-14 13:25:46 UTC  

windows 10 will get it updated too

Tervy
2019-11-14 13:26:09 UTC  

yeah soon enough few days of slow speeds nobody notices :D

Jignx
2019-11-14 13:26:20 UTC  

on a consumer level, there wont be anything much that exploit these vulnerabilities tbh

Goz3rr
2019-11-14 13:26:21 UTC  

no slow speeds until the microcode update rolls out

Tervy
2019-11-14 13:26:32 UTC  

true enough ~

Jignx
2019-11-14 13:26:56 UTC  

however on the server cloud level, these vulnerabilities allows one to steal data

Goz3rr
2019-11-14 13:27:01 UTC  

JCC errata is only fixing "undefined behaviour" atm

Goz3rr
2019-11-14 13:27:05 UTC  

no published vuln

Tervy
2019-11-14 13:27:11 UTC  

and not that firefox is the place where the speed is needed that much anyway

Goz3rr
2019-11-14 13:27:12 UTC  

it's like the FDIV bug

Goz3rr
2019-11-14 13:28:11 UTC  

https://cdn.discordapp.com/attachments/527849695020580866/644529011032195072/unknown.png

Jignx
2019-11-14 13:28:39 UTC  

gaming wont be hit by CPU performance since it's more GPU now

Goz3rr
2019-11-14 13:28:51 UTC  

quality: low

https://cdn.discordapp.com/attachments/527849695020580866/644529178565410826/unknown.png

Goz3rr
2019-11-14 13:28:54 UTC  

even when you try to make it cpu bound

Sad
2019-11-14 13:29:18 UTC  

are Intel shills in full force already

Matthew
2019-11-14 13:31:46 UTC  

Is this gonna be like the LAST time this happened, where everyone insisted intel users would take like a 25% performance hit, but in reality it was negligible except in very specific, niche uses?

Matthew
2019-11-14 13:31:51 UTC  

Intel users BTFO indeed

Goz3rr
2019-11-14 13:32:27 UTC  

you almost seem like a sane person matt

Sad
2019-11-14 13:33:07 UTC  

None of these affect in games anyway

Sad
2019-11-14 13:33:18 UTC  

reason to care about these: none

Goz3rr
2019-11-14 13:33:22 UTC  

performance impacts from the JCC errata are a slightly bigger deal than earlier patches

Goz3rr
2019-11-14 13:33:42 UTC  

they impact user space programs, where as previous patches only affected the kernel and related transitions

Tervy
2019-11-14 13:34:04 UTC  

i mean its large enough performance hit on those "niche cases" that people are more and more turning mitigation off on all plantforms

Tervy
2019-11-14 13:34:08 UTC  

"to get mah speeds"

Tervy
2019-11-14 13:34:14 UTC  

what is quite dangerous path

Goz3rr
2019-11-14 13:34:19 UTC  

those niche cases can safely turn off mitigations

Goz3rr
2019-11-14 13:34:23 UTC  

as long as you don't run untrusted code

Tervy
2019-11-14 13:34:55 UTC  

so ..browser

Goz3rr
2019-11-14 13:35:13 UTC  

yes because the average person that runs a database and a browser on the same hardware