AFAIK the kernel software workaround (called KPTI in Linux) makes it impossible to exploit the Meltdown hole (i.e. variant #3 from Project Zero). There's some performance cost but Google has measured the cost as negligible on real workloads.
You do not understand what the "patch" does.
Semi-technical answer: It clears the cache a lot.
Caches started to be added to CPUs because primary RAM is magnitudes slower than CPU processing capabilities. It is rather like the difference between helping someone over the phone and giving them verbal instructions versus sitting down at the keyboard and doing it yourself.
For end user workloads, this is not a huge deal most of the time because even the "talking over the phone" is MUCH faster than we perceive. That is why you are not noticing anything.
However, databases and web servers and other I/O intensive apps will be severely affected. The 5% number is for a CPU that is not pegged doing useful work. Once you throw a serious load at it, the lack of caching is going to be absolute murder. Back of the envelope estimates are close to 40% performance hit. It could even be worse, we will have to see.
But yeah, for end users that are not hardcore gamers, the patch is a non-issue. Some gamers will not even be affected because their games are GPU bound, not CPU bound.
The CPUs and support circuitry (like chipset) are simply too damn complex for a human brain to hold an entire model of in any level of detail capable of being useful in a design context.
I respectfully disagree.
It is possible, but Intel is not likely to pay someone properly who can do that when what they "want" are really just easily replaceable assembly line engineers. To management, there is no reason to fully understand, it just needs to work.
I get nausea and vertigo when I see large, fairly complex things that are vital but that nobody seems to have a full grasp of the whole system.
AMD checks the permissions BEFORE allowing access to the cache, Intel does not; therefore Meltdown is REALLY Intel only.
The whole reason Spectre is even being discussed is to cause confusion in people who are not aware of the technical details (most everyone).
Yes, you can cause AMD chips to speculatively execute but you can not get at the fucking data. It really is that simple. There is no amount of tweaking or hacking that will cause the AMD chip to cough up information like you can with Intel chips.
This bug is actually apocalyptic in nature. Intel could get broken as a company. The only solution besides replacing the silicon is to flush the cache which is going to hit I/O intensive workloads MUCH harder than normal workloads.
What is I/O intensive? Databases and Web Servers... Business are going to have double their capacity to deal with this patch. There will be lawsuits. Unless the administration hands Intel a Get Out of Jail Free card, Intel is going to get hurt BADLY.
However, as studies repeatedly bear out, the number who want to is far below the demand
Citations please.
most people who work in the sex industry don't want to be there
Citations please.
I friended you about a decade ago. I then unfriended you a year or two after that (but not foe). The reason why I friended you is because you seemed intelligent, balanced, and rational. The reason why I removed you as a friend is because of this type of stuff here.
Your world view is weird in relation to genders and their relationships and you never seem to actually provide concrete evidence supporting your world view. I do not really consider you a SJW, but you are frighteningly close.
I think Agent Smith was sort of telling the truth in The Matrix when he said the peak of human evolution was around the mid 1990's.
Conspiracy mode: That was the last time that the people who controlled the world felt safe from the people researching the technology. It is almost currently possible for a single person to kill everyone on the planet. This capability upsets the balance of power; therefore, it is time to retard the progress of science.
Seriously, there is much cool shit we could be doing but between social control, psychological fuckery, dense regulations, and other methods, we are in prisons with the bars made from our own acceptance of all of the above.
You are dead. All humans at dead. You think you're remembering this crap because we're doing brain dumps from the parts we found. We're trying to figure out what went wrong with the design.
That would be a deeply fascinating basis for the start of a story. It would permit the exploration of ideas not limited to a human point of view.
Alphabet/Facebook are months beyond needing to be taken down a peg, too bad government works in years/decades while FB/A work in months.
Those companies are not required for an individual to enjoy using the Internet. Who cares how much of a "monopoly" they achieve?
Should their data harvesting be inspected by "authorities"? Sure. Should the involuntary aspects of their data harvesting be regulated? Likely. Should the companies be broken up like AT&T was? No.
If you tell a firefighter/paramedic you refuse treatment, that's what treatment you'll get.
A long time ago in a land not so far away (USA) I told the paramedics I refuse treatment. I was forced into the ambulance essentially at gun point. No, the police officer never drew his weapon. Yes, the police officer said I was required to get into the ambulance. *shrug* maybe the laws have changed.
Since copying content has become easy, how do the people who create content get paid? How do news organizations pay reporters to investigate stories?
That is not a problem I need to solve. I pay (quite handsomely) for digital content that I like. Steam (for games mostly) is one such platform.
As for "News" organizations? If they were truly giving me news instead of programming my expectations and biases (and other psychological warfare bullshit), I might actually pay for them too.
There are no easy solutions.
I don't care. Let it all disappear.
Actually, within a few months, it will all disappear for me anyways. Once there is no more "Network Neutrality", I will elect to stop participating entirely. Thank god I have pirate backups of all of my Steam games (that I play on Linux).
I suppose you could run your business so that the employee was 100% physically monitored during work hours by a manager
I am unsure why extremes are always sought. A good manager will sample their employee's work from time to time to ensure that what the manager expects to be happening is indeed actually happening. If the sampling were instead 100% of the time, then the manager effectively becomes the employee. If you do not sample at all, you have no idea if your expectations are reality.
TL;DR You must test reality from time to time in order to ensure that your thoughts are consistent with reality.
Those guys are supposed to have a semi-infinite annual budget. They are supposed to hire the best of the best. And they keep getting caught on all sorts of fracas. How incompetent can they be?
They do not pay very well and are quite anal to work for. What kind of people do you think they will get?
I find it odd that so many Anonymous Cowards are intellectually dishonest and try to sow hatred.
Some people on Slashdot do not like Trump.
Some people on Slashdot do like Trump.
The majority of Slashdot seems to be of the mind that we should let history decide how to judge this president.
But no, people like you are not satisfied with that. You want to sow hatred and dissension. I sincerely hope that it is not regular Slashdot folks modding up your shit. I have had enough of your poison.
Who cares when it stutters when I scroll and it did not do that before. Go ahead and blame my extensions... oh, you can't. All of my extensions (only noscript) stopped working immediately. Meh.
That's why when I attend funerals, I make a speech suggesting that there is no evidence of an afterlife, and that the deceased's death was objectively meaningless. Don't even ask what I say at weddings.
Not equivalent. When you are invited to speak at a funeral, do they ask you to discuss your opinions on the afterlife or do they ask you to say something about the deceased?
Mr. Damore was asked to talk about what he wrote about; therefore, the two situations are not equivalent and you have no point to be made by using your alternate situation.
Starving to death is not a pleasant way to go. They took his source of food away. What do you think he will do to get his food back? Yeah, stop being so judgemental. It is a fight that needs to be fought, but, apparently, he is not the one to do it. Case closed.
Which of the recent NSA scandals were prevented by your gun ?
Guns are for"fixing" immediately, bodily control situations. The government is not afraid of guns, it has bigger guns. The individual officer enforcing the government's "wishes" is deathly afraid of your gun.
I am unsure why you are conflating the ownership of guns with things that guns have no ability to affect.
Testing for *every* possible failure case is hard.
You are doing it wrong.
I wrote a bot for IRC (running on EFNET now for almost 20 years). What I did was drop everything that I was not looking for and if it was what I was looking for and did not fit into what I had created for it to exist in, I dropped it too. No error messages, no alternate program flow, just dropped. Either the data conforms to the protocols at all layers, or it is just dropped. Why attempt to make sense out of it or try to handle the various ways it could be messed up? Just. Drop. It. The bit bucket is a nice friendly place that never fills up.:)
In essence, I did not try to control reality. I controlled myself... and that is a hell of a lot of easier to test.
They aren't motivated enough to spend a ton of money on security.
Money can not buy security. Reducing the resources available will definitely detract from security. There is no simple answer relating to security that fits within our "modern" corporate environment.
I like my Internet free, but recent article in The Atlantic made me second-guess this.
To reiterate a comment I made earlier: Facebook and Google can not control the packet flows from your computer to the rest of the Internet. Comcast and AT&T can control your packet flows. Regardless of monopoly status, a monopoly at your router is more "evil" by far than a monopoly at a destination. I can avoid Facebook and Google to some extent. I can not, in any way, shape or form, avoid Comcast or AT&T.
I disagree with Catholics and Christians being anywhere near children because of their tendency to be rapey. I agree with animals being around children, they tend to not rape children.
Tons of people here are rightly skeptical of Google, Facebook, at al, but saw nothing suspicious about those companies being the LEADING proponents of net neutrality.
Let me help clarify the situation a bit please:
You know the 7 layer TCP/IP model? Google and Facebook are layer 7. They want to monopolize layer 7. The telecoms/ISPs are layer 3. They want to monopolize layer 3.
Well, if layer 3 is monopolized, the layer 7 folks can not be as effective at monopolizing their layer. That is why they fought for Net Neutrality.
This Bloomberg piece is a carefully architected assault designed to confuse you and make you give up (since all is hopeless anyways!) concerning any notions of neutrality. Well, those of who know, can see the difference between monopolizing layer 3 and monopolizing layer 7. They are not the same thing.
It now competes head to head in performance and features, and offers an alternative with improved privacy.
Kind of. If by competing in features you mean by removing the ability to control the behavior of the browser itself. I am unsure how removing control improves privacy since by default, Mozilla wants advertisers to be able to track you and web site creators to be able to control your browser more effectively. In short, everyone but you gets more control. More privacy!
Slashdot Mirror
AFAIK the kernel software workaround (called KPTI in Linux) makes it impossible to exploit the Meltdown hole (i.e. variant #3 from Project Zero). There's some performance cost but Google has measured the cost as negligible on real workloads.
You do not understand what the "patch" does.
Semi-technical answer:
It clears the cache a lot.
Caches started to be added to CPUs because primary RAM is magnitudes slower than CPU processing capabilities. It is rather like the difference between helping someone over the phone and giving them verbal instructions versus sitting down at the keyboard and doing it yourself.
For end user workloads, this is not a huge deal most of the time because even the "talking over the phone" is MUCH faster than we perceive. That is why you are not noticing anything.
However, databases and web servers and other I/O intensive apps will be severely affected. The 5% number is for a CPU that is not pegged doing useful work. Once you throw a serious load at it, the lack of caching is going to be absolute murder. Back of the envelope estimates are close to 40% performance hit. It could even be worse, we will have to see.
But yeah, for end users that are not hardcore gamers, the patch is a non-issue. Some gamers will not even be affected because their games are GPU bound, not CPU bound.
The CPUs and support circuitry (like chipset) are simply too damn complex for a human brain to hold an entire model of in any level of detail capable of being useful in a design context.
I respectfully disagree.
It is possible, but Intel is not likely to pay someone properly who can do that when what they "want" are really just easily replaceable assembly line engineers. To management, there is no reason to fully understand, it just needs to work.
I get nausea and vertigo when I see large, fairly complex things that are vital but that nobody seems to have a full grasp of the whole system.
Wow. So many ignorant people here.
AMD checks the permissions BEFORE allowing access to the cache, Intel does not; therefore Meltdown is REALLY Intel only.
The whole reason Spectre is even being discussed is to cause confusion in people who are not aware of the technical details (most everyone).
Yes, you can cause AMD chips to speculatively execute but you can not get at the fucking data. It really is that simple. There is no amount of tweaking or hacking that will cause the AMD chip to cough up information like you can with Intel chips.
This bug is actually apocalyptic in nature. Intel could get broken as a company. The only solution besides replacing the silicon is to flush the cache which is going to hit I/O intensive workloads MUCH harder than normal workloads.
What is I/O intensive? Databases and Web Servers... Business are going to have double their capacity to deal with this patch. There will be lawsuits. Unless the administration hands Intel a Get Out of Jail Free card, Intel is going to get hurt BADLY.
However, as studies repeatedly bear out, the number who want to is far below the demand
Citations please.
most people who work in the sex industry don't want to be there
Citations please.
I friended you about a decade ago. I then unfriended you a year or two after that (but not foe). The reason why I friended you is because you seemed intelligent, balanced, and rational. The reason why I removed you as a friend is because of this type of stuff here.
Your world view is weird in relation to genders and their relationships and you never seem to actually provide concrete evidence supporting your world view. I do not really consider you a SJW, but you are frighteningly close.
I wish you no ill will. Have a nice life.
Would you want this person on your jury if you are being tried for capital crimes?
I think Agent Smith was sort of telling the truth in The Matrix when he said the peak of human evolution was around the mid 1990's.
Conspiracy mode: That was the last time that the people who controlled the world felt safe from the people researching the technology. It is almost currently possible for a single person to kill everyone on the planet. This capability upsets the balance of power; therefore, it is time to retard the progress of science.
Seriously, there is much cool shit we could be doing but between social control, psychological fuckery, dense regulations, and other methods, we are in prisons with the bars made from our own acceptance of all of the above.
You are dead. All humans at dead. You think you're remembering this crap because we're doing brain dumps from the parts we found.
We're trying to figure out what went wrong with the design.
That would be a deeply fascinating basis for the start of a story. It would permit the exploration of ideas not limited to a human point of view.
Alphabet/Facebook are months beyond needing to be taken down a peg, too bad government works in years/decades while FB/A work in months.
Those companies are not required for an individual to enjoy using the Internet. Who cares how much of a "monopoly" they achieve?
Should their data harvesting be inspected by "authorities"? Sure. Should the involuntary aspects of their data harvesting be regulated? Likely. Should the companies be broken up like AT&T was? No.
If you tell a firefighter/paramedic you refuse treatment, that's what treatment you'll get.
A long time ago in a land not so far away (USA) I told the paramedics I refuse treatment. I was forced into the ambulance essentially at gun point. No, the police officer never drew his weapon. Yes, the police officer said I was required to get into the ambulance. *shrug* maybe the laws have changed.
This is a problem that needs to be solved.
Why does it need to be solved?
Since copying content has become easy, how do the people who create content get paid? How do news organizations pay reporters to investigate stories?
That is not a problem I need to solve. I pay (quite handsomely) for digital content that I like. Steam (for games mostly) is one such platform.
As for "News" organizations? If they were truly giving me news instead of programming my expectations and biases (and other psychological warfare bullshit), I might actually pay for them too.
There are no easy solutions.
I don't care. Let it all disappear.
Actually, within a few months, it will all disappear for me anyways. Once there is no more "Network Neutrality", I will elect to stop participating entirely. Thank god I have pirate backups of all of my Steam games (that I play on Linux).
I suppose you could run your business so that the employee was 100% physically monitored during work hours by a manager
I am unsure why extremes are always sought. A good manager will sample their employee's work from time to time to ensure that what the manager expects to be happening is indeed actually happening. If the sampling were instead 100% of the time, then the manager effectively becomes the employee. If you do not sample at all, you have no idea if your expectations are reality.
TL;DR You must test reality from time to time in order to ensure that your thoughts are consistent with reality.
Those guys are supposed to have a semi-infinite annual budget. They are supposed to hire the best of the best. And they keep getting caught on all sorts of fracas. How incompetent can they be?
They do not pay very well and are quite anal to work for. What kind of people do you think they will get?
I find it odd that so many Anonymous Cowards are intellectually dishonest and try to sow hatred.
Some people on Slashdot do not like Trump.
Some people on Slashdot do like Trump.
The majority of Slashdot seems to be of the mind that we should let history decide how to judge this president.
But no, people like you are not satisfied with that. You want to sow hatred and dissension. I sincerely hope that it is not regular Slashdot folks modding up your shit. I have had enough of your poison.
It's going to come to head eventually, and I wonder what will happen then.
The same things that always happen when things get resolved "naturally". People will die. Probably lots of people. *shrug*
Who cares when it stutters when I scroll and it did not do that before. Go ahead and blame my extensions... oh, you can't. All of my extensions (only noscript) stopped working immediately. Meh.
That's why when I attend funerals, I make a speech suggesting that there is no evidence of an afterlife, and that the deceased's death was objectively meaningless. Don't even ask what I say at weddings.
Not equivalent. When you are invited to speak at a funeral, do they ask you to discuss your opinions on the afterlife or do they ask you to say something about the deceased?
Mr. Damore was asked to talk about what he wrote about; therefore, the two situations are not equivalent and you have no point to be made by using your alternate situation.
Starving to death is not a pleasant way to go. They took his source of food away. What do you think he will do to get his food back? Yeah, stop being so judgemental. It is a fight that needs to be fought, but, apparently, he is not the one to do it. Case closed.
Which of the recent NSA scandals were prevented by your gun ?
Guns are for"fixing" immediately, bodily control situations. The government is not afraid of guns, it has bigger guns. The individual officer enforcing the government's "wishes" is deathly afraid of your gun.
I am unsure why you are conflating the ownership of guns with things that guns have no ability to affect.
Summary: Guns = Local, NSA "scandal" = Not Local
Testing for *every* possible failure case is hard.
You are doing it wrong.
I wrote a bot for IRC (running on EFNET now for almost 20 years). What I did was drop everything that I was not looking for and if it was what I was looking for and did not fit into what I had created for it to exist in, I dropped it too. No error messages, no alternate program flow, just dropped. Either the data conforms to the protocols at all layers, or it is just dropped. Why attempt to make sense out of it or try to handle the various ways it could be messed up? Just. Drop. It. The bit bucket is a nice friendly place that never fills up. :)
In essence, I did not try to control reality. I controlled myself... and that is a hell of a lot of easier to test.
They aren't motivated enough to spend a ton of money on security.
Money can not buy security. Reducing the resources available will definitely detract from security. There is no simple answer relating to security that fits within our "modern" corporate environment.
I like my Internet free, but recent article in The Atlantic made me second-guess this.
To reiterate a comment I made earlier: Facebook and Google can not control the packet flows from your computer to the rest of the Internet. Comcast and AT&T can control your packet flows. Regardless of monopoly status, a monopoly at your router is more "evil" by far than a monopoly at a destination. I can avoid Facebook and Google to some extent. I can not, in any way, shape or form, avoid Comcast or AT&T.
I disagree with Catholics and Christians being anywhere near children because of their tendency to be rapey. I agree with animals being around children, they tend to not rape children.
Be careful around dolphins... Just sayin' :)
Seriously?
The logic is the same for both arguments. The only difference is in the subjects.
I suspect I must be missing something? Am I supposed to let my opinion on Bit Torrent affect the logical outcome when applied to guns or vice versa?
I have to be missing something. (That people are not rational?)
Tons of people here are rightly skeptical of Google, Facebook, at al, but saw nothing suspicious about those companies being the LEADING proponents of net neutrality.
Let me help clarify the situation a bit please:
You know the 7 layer TCP/IP model? Google and Facebook are layer 7. They want to monopolize layer 7. The telecoms/ISPs are layer 3. They want to monopolize layer 3.
Well, if layer 3 is monopolized, the layer 7 folks can not be as effective at monopolizing their layer. That is why they fought for Net Neutrality.
This Bloomberg piece is a carefully architected assault designed to confuse you and make you give up (since all is hopeless anyways!) concerning any notions of neutrality. Well, those of who know, can see the difference between monopolizing layer 3 and monopolizing layer 7. They are not the same thing.
I feel sick.
It now competes head to head in performance and features, and offers an alternative with improved privacy.
Kind of. If by competing in features you mean by removing the ability to control the behavior of the browser itself. I am unsure how removing control improves privacy since by default, Mozilla wants advertisers to be able to track you and web site creators to be able to control your browser more effectively. In short, everyone but you gets more control. More privacy!