Slashdot Mirror

← Back to Stories (view on slashdot.org)

Intel Details Cascade Lake, Hardware Mitigations for Meltdown, Spectre (extremetech.com)

Posted by msmash on from the up-next dept.

An anonymous reader shares a report: Ever since Meltdown and Spectre were disclosed, Intel's various customers have been asking how long it would take for hardware fixes to these problems to ship. The fixes will deploy with Cascade Lake, Intel's next server platform due later this year, but the company is finally lifting the lid on some of those improvements and security enhancements at Hot Chips this week.

One major concern? Putting back the performance that previous solutions have lost as a result of Meltdown and Spectre. It's hard to quantify exactly what this looks like, because the impact tends to be extremely workload-dependent. But Intel's guidance has been in the 5-10 percent range, depending on workload and platform, and with the understanding that older CPUs were sometimes hit harder than newer ones. Intel wasn't willing to speak to exactly what kind of uplift users should expect, but Lisa Spelman, VP of Intel's Data Center Group, told AnandTech that the new hardware solutions would have an "impact" on the performance hit from mitigation, and that overall performance would improve at the platform level regardless. Variant 1 will still require software-level protections, while Variant 2 (that's the "classic" Spectre attack) will require a mixture of hardware and software protection. Variant 3 (Meltdown) will be blocked in hardware, 3a (discovered by ARM) patched via firmware, with Variant 5 (Foreshadow) also patched in hardware.

43 of 74 comments (clear)

  1. Hardware Mitigations? by ElBeano · · Score: 5, Insightful

    Use AMD instead.

    1. Re:Hardware Mitigations? by Anonymous Coward · · Score: 4, Informative

      Use AMD instead.

      Especially since we're mostly talking about servers here. When AMD's EPYC is on 7nm and Intel is still on 14nm++++ or whatever they are calling it, the choice will be a lot easier.

      Even Intel's 10nm doesn't appear that it will be anything like what they had previously told everyone (since they couldn't get it to work).

      If they could have pulled off the original 10nm plan, they'd be on a level playing field with the 7nm stuff, but it's looking more and more like Intel will be behind for a while yet.

    2. Re:Hardware Mitigations? by jason777 · · Score: 1

      But I'm a gamer

    3. Re:Hardware Mitigations? by thegarbz · · Score: 1

      Use AMD instead.

      Sure that works now with Ryzen, but how well does that work for all the times AMD is out of the running? For much of the past 10 years you were far better off buying Intel and living with the performance hit from the patches.

    4. Re: Hardware Mitigations? by zilym · · Score: 2

      I hate it when people carelessly claim that ARM is just as vulnerable as AMD and Intel.

      None of the ARM CPUs in my tablets and smartphones incorporate speculative execution, and thus, are immune to these attacks.

      A few high performance ARM cores have speculative execution and are theoretically vulnerable. However, the vast majority of battery powered ARM devices do not incorporate high performance ARM cores! Battery powered devices are more concerned about conserving energy than raw execution speed, so manufactures more often than not choose the more power efficient ARM cores that do not incorporate speculative execution.

    5. Re: Hardware Mitigations? by Killall+-9+Bash · · Score: 1

      Put simply, if you, like me, have over 10k blades running Intel you're not going to cycle all those out for AMD overnight.

      Nope, you'll just install those meltdown mitigation windows updates like a good little MCSE. Then you get to explain the 25% performance loss to your boss.

      --
      "Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
    6. Re:Hardware Mitigations? by K.+S.+Kyosuke · · Score: 1

      Superior performance of Intel?

      --
      Ezekiel 23:20
    7. Re:Hardware Mitigations? by gweihir · · Score: 1

      That is not actually true for server-workloads. The only thing where Intel was better was single-core gaming benchmarks.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    8. Re:Hardware Mitigations? by Megol · · Score: 1

      You forgot your sarcasm tag.

    9. Re:Hardware Mitigations? by Megol · · Score: 1

      The few situations when the CPU is the bottleneck and the task can't be parallelized can practically be ignored IMHO.
      For gaming that is - there are plenty of real stuff where single thread performance is important.

    10. Re: Hardware Mitigations? by Megol · · Score: 1

      Can I ask what smartphone(s) you have then? IIRC OoO execution for smartphones came ca 2008 and phones not having it now is generally called feature phones, could be wrong though.

    11. Re:Hardware Mitigations? by Megol · · Score: 1

      One of the exploits is essentially impossible to protect against without removing performance, one have never existed (Meltdown) and the rest is generally hard to exploit on Ryzen.
      You are of course right, I'll dump my computers as soon as I get this abacus on the Internet...

    12. Re: Hardware Mitigations? by Wrath0fb0b · · Score: 1

      None of the ARM CPUs in my tablets and smartphones incorporate speculative execution, and thus, are immune to these attacks.

      Really? Then you must not have

      Any ARM Cortex after A53, which was the first with branch prediction released in 2012 (if you are predicting a branch, then you are executing speculatively). The A57 then bumps this from just branch prediction to full OOO execution.

      Any Samsung Exynos after M1. The Qualcomm ones are just warmed over ARMs anyway (with an LTE modem glued on) so nothing new there. Same for MediaTek.

      Probably the Apple SOCs too, but they don't really give out slides.

      Anyway, if you are running a ARM SOC with no branch predictor (let alone OOO) then you are on a phone/tablet from 2014 or earlier.

    13. Re:Hardware Mitigations? by Tough+Love · · Score: 1

      Right, that's why you should be moving to Vulkan/DX12 now, the future of high performance gaming. That's where Ryzen + Radeon/Vega kick Intel's tail. Why stay mired in obsolete game engine technology? You need to be ready for the upcoming wave of high performance FPS and VR games.

      --
      When all you have is a hammer, every problem starts to look like a thumb.
  2. "OS/VMM" mean "Not Fixed" by Anonymous Coward · · Score: 5, Informative

    From the slide in the FA, Variant 1 (Bounds-Check Bypass, one of the worst variants), Variant 2 (Branch-Target Injection), and Variant 4 (Speculative-Store Bypass) are all still relying on OS/VMM mitigations --- which means that Intel has done absolutely nothing to try to address them.

    Still. Broken.

    1. Re:"OS/VMM" mean "Not Fixed" by AmiMoJo · · Score: 1

      They probably won't until the next major architecture revision. Aside from anything else new flaws keep being found and if they try to patch the current architecture they probably won't get them all, and being incompetent will probably create more.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:"OS/VMM" mean "Not Fixed" by drinkypoo · · Score: 1

      Aside from anything else new flaws keep being found and if they try to patch the current architecture they probably won't get them all, and being incompetent will probably create more.

      They can't just "patch" them, they have to make actual architectural changes so that things happen in the correct order. If they could just issue a patch, they could have fixed these problems in microcode already, and declared victory over vulnerability.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:"OS/VMM" mean "Not Fixed" by Gr8Apes · · Score: 1

      They could potentially fix it, but I'm not sure what the cost of "flush the caches after every context switch" would do to the performance? Knock it down to 50%? Worse? I just can't imagine what a multi-core server with multiple threads would have occur. A CPU on its figurative knees being outpaced by a single core/threaded chip from the 2000s is floating into focus...

      --
      The cesspool just got a check and balance.
  3. These are kludges, not fixes. by Anonymous Coward · · Score: 4, Informative

    Real fixes require a new security-first attitude at Intel, and a complete chip redesign based on that attitude.
    That will take many years to materialize. In the meantime expect to see more vulnerabilities to pop-up (already have) and more ad hoc fixes.

  4. No patches by Anonymous Coward · · Score: 1

    No patches for me. The whole unit is flawed. Just rip the damn thing out.

  5. Major concern by TeknoHog · · Score: 5, Insightful

    One major concern? Putting back the performance that previous solutions have lost as a result of Meltdown and Spectre.

    It's like getting back the "A" grade you lost after they found out you've been cheating. Sure it's a major concern because now you'll actually have to work for your grade. Meanwhile, there are other students who didn't cheat in the first place. Guess which one I'm going to hire?

    --
    Escher was the first MC and Giger invented the HR department.
    1. Re:Major concern by thegarbz · · Score: 1

      Guess which one I'm going to hire?

      The cheater obviously. They have shown to be able to get to the top place with far less effort. Providing they prove their ability to treat the sewer they shat in, why hire the innefficient one?

    2. Re:Major concern by Gr8Apes · · Score: 1

      It depends, was it a smart cheater that knew the trade-offs, or were they just very lucky that they avoided being caught on day 1?

      --
      The cesspool just got a check and balance.
    3. Re:Major concern by GuB-42 · · Score: 1

      Hire a cheater and he will find the most efficient way of taking your money. Spoiler alert: it doesn't involve doing the work you are paying him for.

    4. Re:Major concern by thegarbz · · Score: 1

      Hire a cheater and he will find the most efficient way of taking your money.

      Well that is the goal of any employee. It sounds like your renumeration system does not favour outcomes but rather attendance. If you favour outcomes through renumeration the most efficient way of taking money is the most effecient way of achieving outcomes.

  6. Is this a good time to buy Intel stock? by Snotnose · · Score: 1

    A lot of huge customers, like cloud providers, are likely to upgrade their servers as soon as possible. Not seeing any sign they're moving to AMD, and AMD isn't 100% immune to these either.

    So, has the expected surge in demand been factored into the price of the stock, or is now a good time to buy?

    Conversely, there will soon be a bunch of Intel based servers flooding the surplus market. About the time I'll be looking to upgrade my desktop box. Can I pop a graphics card into one of these servers and make a nifty, cheap gaming box? I'm perfectly capable of moving a motherboard to a new chassis, I'm less capable at adding a PCI slot to an existing board.

    As a home user do I care about these vulnerabilities? I do banking stuff once a month. I do Amazon maybe twice a year. I do /., fark, etc etc daily, but all my logins for those are snotnose with the same password. To be honest, send me an email with a funny joke and I'll tell you the password, I don't fricken care at this level of web activity.

    1. Re:Is this a good time to buy Intel stock? by RhettLivingston · · Score: 1

      Intel flew too close to the Sun and was burned, much more so than AMD which has not as aggressively complicated their design. Now Intel is patching instead of working toward a systemic solution. It seems like denial and doesn't encourage a lot of confidence.

      There is definitely partial shift toward AMD underway. Even Intel has publicly predicted a larger move than has yet been completed and they would be many times more likely to minimize that prediction than overestimate it.

      It takes a while for momentum to build and supply chains to adjust. Would you want to upgrade at the end of this year to get some of your performance that you already paid for back or would you rather wait six months and get a fresh new 7nm AMD Epyc design that is a true upgrade in the first half of 2019? (I doubt they'll wait for Intel's 10nm server generation to start up in the first half of 2020)

      There is going to at least be some experimentation with both AMD and ARM in the data center. My guess, we'll see more diversified deployments for a while in an effort to mitigate the risk as the chip flaws in this new class continue to be discovered (and they will).

      Intel has barely begun to suffer their come to God moment. If they've got any sense at all, there is a more thorough redesign in the works for the 2020 generation. So, turnaround in early 2020, very late 2019 at the earliest - barring success with some major architectural slight of hand like pushing the Optane agenda.

  7. Wouldn't it be funny by CptLoRes · · Score: 1

    If Intel marketing started claiming higher percentage gains with the HW mitigations on new chips, then the 5-10 percent they say we lose today. Buy now, it's 20 percent faster clock for clock then previous generation chips!

    1. Re:Wouldn't it be funny by CptLoRes · · Score: 1

      Sure thing. Next time I'll write in my native language (Norwegian), and make sure to correct any grammatical mistakes you'll make in that language.

  8. Bug by bug patches? by RhettLivingston · · Score: 3, Interesting

    This seems like an effort to stick a bunch of fingers in holes in a dam when the dam has a systemic design flaw. What are the chances that other problems will be discovered after tape-out of the new processors?

    These bugs are an indictment of the complexity of the speedup techniques Intel has used. With complexity comes extra design expense, reductions in yield, reductions in reliability, and now, security issues that were not very foreseeable.

    Adding more complexity in the form of changes to address all these little problems does not give comfort that the syndrome is fixed.

    This was serious enough to warrant going back to the drawing board and designing in changes that eliminate this class of problems, not the individual problems that we know of. This is a disappointing effort.

    1. Re:Bug by bug patches? by williamyf · · Score: 2

      If Intel completely reset the processor to its previous state after a failed speculative execution, then the processor would be immune to all speculative execution attacks--even speculative execution attacks that haven't been discovered yet. But it doesn't appear that that's what Intel is doing. Instead, their strategy appears to be to design a separate patch for each different speculative execution attack after that attack is discovered.

      What did you expect? It takes about four years to engineer an new microprocessor architecture. More if you are starting from scratch. I am 99% certain that right now, there is a team of Intel Microarchitects designing such microprocessor from scratch, we may as well see the fruits of their labour in something like six years (maybe more, if there are more slowdownd in the Fab side of things). But in the meantime, Intel needs something to sell, otherwise, the company would go bankrupt before that new microprocessor design is out the door, so, we end up with this.

      And before you think about going to some other manufacturer (AMD, Arm, IBM Power, Spark, VIA), remember that their processors are also suceptible to Spectre type attacks, so do a cost/benefit business case analysis before taking the plunge...

      PS: I favour AMD for servers (since this article is about servers) but there are many caveats beyond AMD's control that make it an uphill battle to use their chips. This has nothing to do with obscure machinations from Intel like in the early '00s, and fortunately will get better in the future, but, again, the thing is, do a detailed cost/benefit analysis before taking the plunge.

      --
      *** Suerte a todos y Feliz dia!
    2. Re:Bug by bug patches? by thegarbz · · Score: 1

      What are the chances that other problems will be discovered after tape-out of the new processors?

      100%. The average CPU product line has hundreds of eratas (hardware bugs) over its life across the entire industry. It just happened that these specific bugs were security related.

    3. Re:Bug by bug patches? by fintux · · Score: 1

      [--] there are many caveats beyond AMD's control that make it an uphill battle to use their chips.

      I barely know anything about the server space, so I'd be interested in hearing what kind of issues there are. Could you shed some light on this? (Special care was tried to be taken to not sound like I'm asking because I doubt your statement - I genuinely am just interested to learn about this)

    4. Re:Bug by bug patches? by drinkypoo · · Score: 1

      Well, I doubt his statement. Ever since AMD started selling their own chipsets, I have found zero drawback to using AMD other than reduced performance — but given the cost:performance ratio comparison between the two, unless you are chasing the absolute maximum frame rate in gaming or similar, there are no real drawbacks. Unless you're at the top of the range, you can solve that problem with money, and usually still come out ahead of Intel by spending less of it.

      Back when you had to use a VIA chipset for an AMD system, but you could get an Intel chipset for an Intel system, there were real and significant differences. Any more? Not so much. And it might be noted that a motherboard with an Intel chipset would be literally $100 more than one with a VIA chipset. And even today, there is a ~$100 price gap between similarly-equipped Intel and AMD motherboards, favoring AMD. And those AMD systems have more PCI-E lanes...

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    5. Re:Bug by bug patches? by williamyf · · Score: 1

      I am preparing a blog post (+ LinkedIn series) about it. But since this is slashdot, and not something I write for CIO level people, and since you asked nicely (and are not an Anon Coward), I'll give you the TL;DR preview, I'll simply list the caveats, without much explaing. Please remember we are talking about SERVERS. For companies. Not desktops, not laptops, not gaming rigs, not servers for a home lab. Some people seem to forget that...

      0.) If your workload needs anything Intel propiertary, like transactional memory, or some other weird stuff, then game over. By the same token, if you need something AMD exclusive, like the niffty feature that encrypts a VM's RAM so that not even the VMM can see it, then go AMD.

      1.) Does your Workload (usually legacy) depend on single threaded performance? In that case, is likely that intel will be faster, but do a side by side trial and benchmark, as that will depend on the performance loss for the Spectre patches for both intel and AMD.

      3.) Is your software licensed by core, not socket? (If it is FOSS, then the answer is, no, move on) Then, you need the configuration which achives the desired performance with the MINIMUM numer of cores, even if the Processor that achieves that is supper-expensive... The Software tends to be ORDERS OF MAGNITUDE MORE EXPENSIVE then the SERVERS (I am looking at you Oracle). So, again benchmark, but remember AMD has more cores, per socket, but intel tends to have more single thread performance, so, again, side by side trial and benchmark.

      4.) Does your workload has problems with NUMA (also, mostly legacy)? In that case, certainly, intel. (with the use of "core-complexes" XEN has more "NUMA-ness" than intel, by a long shot. Even a single socket XEN processor is NUMA).

      5.) If you are doing virtualization or cloud, does your VMM/Cloud SW support AMD properly? If not, is it worth it for your organization to add a new VMM to your stable on top of a new server chip? Like it or not, not all VMMs/Cloud SW support AMD yet, I hope this changes in the near future.

      6.) If you need to LIVE migrate VMs from the old kit to the new kit and back, then the kit has to be either all intel, or all AMD. (migrating turned off machines is easier, the problem is LIVE migrating)

      7.) Are the server makers in your approved provider list selling AMD servers? Is it worth it for you as a tech to go through the process with finance/purchases to add a new server provider?

      8.) Are the server makers that sell AMD servers providing good service in your country? Are they providing good service to your company? Service varies by region and account.

      9.) Are the server providers that deal with you providing AMD servers in the Form-Factor your project demands. I've seen mostly blades thus far. If you need 4U with many 2.5"disks, or 1U, or some other format, is it made by the server sellers your company approves?

      Finally, a server is more than the microprocessor it uses, and actually, the microprocessor is a small part of the cost. Maybe the server seller is trying to get this project for strategic reasons, or increase their footprint in your company, or hit the sales goal so that they collect the bonus and pay their yatch. In the end, your project needs servers that cover it's needs in terms of security, performance, form factor and support, amog other things. If after all these hurdles are cleared, for whatever reason, a server seller is offering you a less expensive intel server that covers your needs, go for it. If the less expensive one is AMD, go for it

      As you see, none of this is in AMD's control, it will get better over time, and none of this is due to evil machinations from intel.

      I hope this is usseful to you, and hope I've got a new "friend" on /.
      Let me know what you think.

      PS: For Grammar nazis, I bet my english is better than your spanish, AAAAND I also can communicate in french*, not too shabby for an electronics engineer.

      *used to be able to speak, read and write french, but after 15 years of no practice, I forgot most of it.

      --
      *** Suerte a todos y Feliz dia!
    6. Re:Bug by bug patches? by williamyf · · Score: 1

      In my original post I wrote:

      "I favour AMD for servers (since this article is about servers) but there are many caveats beyond AMD's control that make it an uphill battle to use their chips."

      the word "servers" is written twice.

      The article is about a server chip.

      I work with blade servers in telco. Also 4U ones with lots of 2.5" SSDs. Each of those servers cost $20,000,oo onwards.

      If you want to discuss $200 mobos for gaming, is OK. I have been using and recomending AMD chips since the 486, K6-3, and now XEN. Skiped their K5, K6 and anythig buldozer derived. But that was/is for personal use. For server use, is a different story.

      In my answer to fintux is my list of reasons. If you whish, go and read it. If not, no biggie, live a happy life.

      --
      *** Suerte a todos y Feliz dia!
    7. Re:Bug by bug patches? by fintux · · Score: 1

      Thank you a lot for taking the time to write the reply, this was very informative! This seems to especially apply to data center kind of servers, and not necessarily so much often affect smaller scale servers (although in some cases may).

      So there is indeed some truth behind the Intel's claim of their ecosystem, but it is not at least completely about compatibility (though to some extent also that, such as the transactional memory, VMM etc.), but also about stuff being optimized for Intel, and also the supply chain. But indeed highly depending on the use case.

      I started to think about this more out-of-the-box and I realized that for very large scale implementations, performance-per-watt might also be an important factor. And I think this also needs benchmarking for the use-case. Adding that to the single-thread performance, it is not a trivial equation at all!

      Of course, in the light of the constant security issues discovered with Intel processors, the risk and cost of data leak is also something to keep in mind.

      PS: My native language is not English either, but Finnish, and I speak also German, Swedish, some Italian and a tiny bit of French :P Too bad I don't speak any Spanish, and with my level of Italian, it would not be comprehensible to me probably even in writing, even though for native speakers it is possible to an extent...

    8. Re:Bug by bug patches? by drinkypoo · · Score: 1

      But that was/is for personal use. For server use, is a different story.

      It doesn't matter, even slightly. Once upon a time you didn't have the option to use AMD chipsets for servers or desktops, because they didn't exist. That was a good reason to use intel. Now, for both servers and desktops, you can use AMD chipsets. That reason went away. HTH, HAND!

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    9. Re:Bug by bug patches? by williamyf · · Score: 1

      I worked with a lot of Finish guys (Nokia, technomen) at the start of my career, even went to finland for a job interview in Jan 2001, but alas, it was not meant to be.

      What you say abot performance/watt in ultra large scale deployments (Like Amazon, Azure, facebook, Google) is 100% true, and well known, but my deployments are more large scale (Telcos). And also, if I took it to that level, the point would be lost to people who are still thinkig at the level of a gaming desktop, or a tower server for a 5 people company...

      As per the security, AMD (and all the others) has similar issues with speculative execution and side channel attacks, some have more issues, some have less issues, is just that Intel gets the bulk of the publicity for the time being, due to their large size.

      Cheers

      --
      *** Suerte a todos y Feliz dia!
    10. Re:Bug by bug patches? by fintux · · Score: 1

      I worked with a lot of Finish guys (Nokia, technomen) at the start of my career, even went to finland for a job interview in Jan 2001, but alas, it was not meant to be.

      Interesting! I also worked at Nokia with some Spanish people, though they were in a different team and abroad, so I think I only had a chance to see them once, was around 2008 or 2009 maybe :)

      What you say abot performance/watt in ultra large scale deployments (Like Amazon, Azure, facebook, Google) is 100% true, and well known, but my deployments are more large scale (Telcos). And also, if I took it to that level, the point would be lost to people who are still thinkig at the level of a gaming desktop, or a tower server for a 5 people company...

      Okay, I didn't really know what your target audience is.

      As per the security, AMD (and all the others) has similar issues with speculative execution and side channel attacks, some have more issues, some have less issues, is just that Intel gets the bulk of the publicity for the time being, due to their large size.

      You're right, however, and the nature of the speculative execution is such that it is quite difficult to get performance from it without sacrificing some of the security. I saw an idea about resetting the state in case of a failed speculation, but that is quite difficult with the different cache levels etc. That said, there has been only a couple of Spectre-like issues affecting AMD CPUs, and the worst one, Meltdown, does not affect them due to differences (speculative execution in AMD products does not bypass privilege boundaries). Intel has been cutting corners for the sake of performance, and they're getting hit by it. So the size is not the only factor for Intel getting the publicity.

  9. Wouldn't it be interesting ... by WoodstockJeff · · Score: 1

    ... if they submitted samples of the CPUs to researchers to find these kind of flaws BEFORE they commit to making the first 100 million of them?

  10. Re:All chips have similarities by David_Hart · · Score: 1

    Seems like many chips have similarities but affect some of them more then others. What's more interesting is that none of this is really being exploited even months after disclosure. obviously a good ideal to try and mitigate what has been found to be weaknesses. But its hardly a huge threat to anyone yet. You can buy into a ARM or AMD and feel secure now, but what about down the road? I don't see any real fixes on the hardware side, only with OS, microcode and bios updates as we move forward for at least the next few years.

    My understanding that most of the Intel flaws require physical access to the system. Plus, BIOS and OS updates have been quickly developed to mitigate some of the issues. I'm not sure if this is reason why there haven't been more exploits or if because of some other factor.

  11. Re:All chips have similarities by jbmartin6 · · Score: 1

    My understanding that most of the Intel flaws require physical access to the system.

    Unclear what you mean here, obviously you don't have to poke your finger into the processor to exploit. There is a certain difficulty in exploiting these flaws, true, which is why we haven't seen much in the wild activity on them. But a lesson was learned from the Rowhammer exploit, 'they' said it was too difficult to locate an appropriate bit in memory and know when to flip it, until someone demonstrated a real attack using it. SPECTRE family is much the same, it requires a deeper level of knowledge than the commodity ransomware attackers out there. But once the details of a real attack are figured out and released it will become more important.

    --
    This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.