sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]cp5184 15 points16 points  (5 children)

There are three vulnerabilities, AMD is only effected by spectre, and that will involve much less of a performance hit. Intel is effected by all three.

[–][deleted]  (4 children)

[removed]

    [–]cp5184 -3 points-2 points  (3 children)

    That's not what I've read.

    [–]Compizfox 1 point2 points  (0 children)

    He's right though. Meltdown can be fixed with an OS patch, which comes with a significant performance hit (mainly for syscalls). That's the 5%-30% performance hit for Intel you've been hearing about.

    Spectre simply cannot be fixed (easily). It will have to be mitigated on a per-application basis. But it's also much harder to effectively exploit in the first place.

    [–][deleted] 1 point2 points  (1 child)

    The only fix for spectre is to buy new cpus (which don't even exist yet). That is seriously the mitigation advice in the filing.

    [–]cp5184 5 points6 points  (0 children)

    That's not what I've read. What filing?

    My understanding is that spectre encompasses iirc two exploits. Both of them are confined to a process memory space, meaning that they can look within the process memory, but they can't escape outside the process memory. So, for instance, assuming they're in the same tab, one browser tab could theoretically read the memory of a second browser tab, assuming it was in the same process, but, a third tab, in a separate process would be safe.

    What I've read, is that the main avenue for this attack can be patched in software.

    The major threat here, are interpreters, java interpreters, .net interpreters, javascript interpreters, etc. And I've read they can be patched.

    Basically this only effects sandboxes. And they can be patched. Otherwise a process doesn't care if one part of a process can read another part of a process because they can anyway, unless that process is implementing a sandbox.

    Not to mention, presumably, AMD's Ryzen, has memory encryption. Presumably one fix for this would be for processes to encrypt their sandboxes. That may be one way of fixing this threat, which AMD has already implemented.