Page 2 of 4 FirstFirst 1234 LastLast
Results 21 to 40 of 64
  1. #21
    Member LarryPhillips's Avatar
    Join Date
    May 2006
    Location
    USA
    Posts
    1,144
    One of the articles or comments somewhere said video rendering may take a big hit. The sky is falling (up to 35%).

    -LP



  2. #22
    Member theoldghost's Avatar
    Join Date
    Jun 2008
    Location
    U.S.A. The Southeast section of Virginia
    Posts
    1,720
    oops wrong thread. However a article in CNET is saying 2% as Ace posted.



  3. #23
    To me more alarming is that complete valid code, can now be used to dump any memmory address.
    Think of that in world of digital trading, digital signing..
    And not just on windows operating systems but allmost all x86 hardware since 1985
    Just think of it how much has been automated, from banks, hospitals military bases, to nuclearplants..
    Microsoft or apple might try to fix it, but once something runs in kernel mode (drivers etc) assembler could still exploit it, since its a hardware bug software wont be able to 100% cure it. And injecting something trough USB is also still to easy.



  4. #24
    Member m9105826's Avatar
    Join Date
    Dec 2007
    Location
    Fairfax, VA
    Posts
    4,250
    Originally Posted by Razorblade View Post
    To me more alarming is that complete valid code, can now be used to dump any memmory address.
    Think of that in world of digital trading, digital signing..
    And not just on windows operating systems but allmost all x86 hardware since 1985
    Just think of it how much has been automated, from banks, hospitals military bases, to nuclearplants..
    Microsoft or apple might try to fix it, but once something runs in kernel mode (drivers etc) assembler could still exploit it, since its a hardware bug software wont be able to 100% cure it. And injecting something trough USB is also still to easy.
    If it makes you feel any better, no one who has to follow NIST standards (US Govt, Military, most financial institutions) can have endpoints that accept USB input anyway.
    Long time 3D artist and member of the official Cycles Artists Module
    https://www.youtube.com/user/m9105826 - Training, other stuff. Like and subscribe for more!
    Follow me on Twitter: @mattheimlich or on my blog



  5. #25
    Member theoldghost's Avatar
    Join Date
    Jun 2008
    Location
    U.S.A. The Southeast section of Virginia
    Posts
    1,720
    Along with a rather large openSuse Linux Kernel update was this. 'Security Update for ucode - intel' And, if that is the update being discussed here I was happy to see no hit in blender render times.

    Intel update.png

    ///



  6. #26
    I was happy to see no hit in blender render times.
    Lucky for us, Blender and other software that just performs computations don't need much syscalls so even witch patches there will be almost no performance hits.



  7. #27
    I find it funny that people are worried of performance hit meanwhile someone(s) has probably known this for 20 years and used it to micro control the events of the world.
    I can only give suggestions, personal opinions and constructive critique, but it is your decision what you do with it.



  8. #28
    Member ajm's Avatar
    Join Date
    Jul 2010
    Location
    Lincoln, NE
    Posts
    1,323
    Multiple benchmarks on productivity software find minimal slowdown if any, and many times fall within the range of expected deviation. This will affect mostly large databases and heavy server based workloads where speculative computing serves to boost performance.

    In other words, the general consumer has nothing to worry about, aside from the security issue.



  9. #29
    Perhaps the patches are only affecting performance of systems unrelated to 3D content creation. Some Amazon AWS customers seem to be having big problems: https://forums.aws.amazon.com/thread...hreadID=269858

    In the end we may have to just accept this new reality of a slight performance hit for now.

    On a related note, from some technical descriptions I've read it appears that AMD is not vulnerable to the Meltdown vulnerability because they made a critical decision to put security ahead of performance in a certain type of CPU operation. They check whether certain instructions are permitted before starting to run them, while Intel starts the instructions and only checks if they are permitted later, before returning the result. Unfortunately the vulnerability makes the requestor process able to "peek" at the results before the CPU decides to drop them for lack of permission. At least that's my understanding from some overviews I read much earlier today.



  10. #30
    Member Ace Dragon's Avatar
    Join Date
    Feb 2006
    Location
    Wichita Kansas (USA)
    Posts
    28,553
    Originally Posted by Shenan View Post
    Perhaps the patches are only affecting performance of systems unrelated to 3D content creation. Some Amazon AWS customers seem to be having big problems: https://forums.aws.amazon.com/thread...hreadID=269858

    In the end we may have to just accept this new reality of a slight performance hit for now.
    What this shows is that the Intel press release is fairly accurate (individual users with a single machine are seeing little impact at best while server-based users and companies are getting hammered).

    I hope AMD is seeing this as an opportunity to convince companies like Amazon into replacing thousands of Intel chips with Ryzens or Threadrippers (a potentially huge windfall they shouldn't pass up, especially as their profits aren't exactly huge at the moment).
    Sweet Dragon dreams, lovely Dragon kisses, gorgeous Dragon hugs. How sweet would life be to romp with Dragons, teasing you with their fire and you being in their games, perhaps they can even turn you into one as well.
    Adventures in Cycles; My official sketchbook



  11. #31
    Originally Posted by Ace Dragon View Post
    What this shows is that the Intel press release is fairly accurate (individual users with a single machine are seeing little impact at best while server-based users and companies are getting hammered).

    I hope AMD is seeing this as an opportunity to convince companies like Amazon into replacing thousands of Intel chips with Ryzens or Threadrippers (a potentially huge windfall they shouldn't pass up, especially as their profits aren't exactly huge at the moment).
    For the record:

    I already tested tonight 4.4.110 kernel on linux with KPTI and found no speed penalty in my GFX/VFX usecases.
    So we don't have to complain that much about performance. The question how long it takes to close this security
    issue over the whole userbase incl. IOT is another story and i fear one or another case will show up where still unpacthed systems get exploited.

    Jens



  12. #32
    Member SterlingRoth's Avatar
    Join Date
    Mar 2006
    Location
    Portland, OR
    Posts
    2,066
    VM based servers are the most vulnerable to these exploits, so it makes sense that those use cases are the ones with the biggest performance hit.



  13. #33
    Member theoldghost's Avatar
    Join Date
    Jun 2008
    Location
    U.S.A. The Southeast section of Virginia
    Posts
    1,720
    Granny Porn sure took a hit damn it!



  14. #34
    Originally Posted by jensverwiebe View Post
    For the record: I already tested tonight 4.4.110 kernel on linux with KPTI and found no speed penalty in my GFX/VFX usecases. So we don't have to complain that much about performance. The question how long it takes to close this security issue over the whole userbase incl. IOT is another story and i fear one or another case will show up where still unpacthed systems get exploited. Jens
    Note that KPTI and the windows equivalent help but are not enough. The CPU microcode will have to be updated too. It's not sure yet if this microcodes will be enough to prevent attacks in all cases. You also need an updated browser. Until now, they only mitigate the possible exploit by lowering the timers precision. It makes it harder to use the security holes, but don't protect you 100% either. Coming weeks will show how deep and dangerous those vulnerabilities really are.
    If you want cool new features for Blender and Cycles ( like 1.5x to 2x faster renderings ), you can donate here https://www.paypal.me/matmenu and https://www.patreon.com/matmenu



  15. #35
    Originally Posted by bliblubli View Post
    Note that KPTI and the windows equivalent help but are not enough. The CPU microcode will have to be updated too. It's not sure yet if this microcodes will be enough to prevent attacks in all cases. You also need an updated browser. Until now, they only mitigate the possible exploit by lowering the timers precision. It makes it harder to use the security holes, but don't protect you 100% either. Coming weeks will show how deep and dangerous those vulnerabilities really are.
    Internet browsing is another aspect and i have already ff 57.0.4 selfcompiled.
    As of todays world also adblockers and scriptblockers seem to be a must.
    Sure we can never know if all is really hardened, experience shows it never will be

    Edit: just saw ff with meltdown/spectre handling is now available in packages.

    Edit2: just had a discussion with kerneldevs,, seems a mix of new microcode and optimized kernel workarounds
    will be the final solution for vulnerable hw and evolve a bit more in the next weeks.

    The ultimate fix will be redesigned cpu's anyway, grrrrr .....

    Jens
    Last edited by jensverwiebe; 07-Jan-18 at 11:48.



  16. #36
    Member BluePrintRandom's Avatar
    Join Date
    Jul 2008
    Location
    NoCal Usa
    Posts
    18,518
    this is why open source hardware needs to be a thing.
    Break it and remake it - Wrectified
    If you cut off a head, the hydra grows back two.
    "headless upbge"



  17. #37
    Member Ace Dragon's Avatar
    Join Date
    Feb 2006
    Location
    Wichita Kansas (USA)
    Posts
    28,553
    Originally Posted by BluePrintRandom View Post
    this is why open source hardware needs to be a thing.
    Open Source does not mean everything will be perfectly secure (Linux has to patch holes now and then).

    Also, hardware is different from software in that you can't just "download a new build" or "apply a patch" and get an improved PC (if the flaw is in the design itself, the only patching you can do is to software to work around the problem). Also, the expertise and engineering skills required to design hardware that works ensures that you can't have a community-based FOSS-like project in hardware the same way you can with Blender (users would still have to buy the latest and greatest chip to have the latest updates for instance).

    Also keep in mind that the exploit affects ARM chips as well, and its architecture is about as close to Open Source as you can get in that area (a license to tinker with the architecture and make chips based on it can be had by any company unlike with the x86 design).

    Now you might try to go the 3D printer angle, the different materials you would need (and the fact that chips today have complexities near the molecular level) means you would first need something near the level of a Star Trek replicator (and we're a long way from that).
    Last edited by Ace Dragon; 07-Jan-18 at 15:14.
    Sweet Dragon dreams, lovely Dragon kisses, gorgeous Dragon hugs. How sweet would life be to romp with Dragons, teasing you with their fire and you being in their games, perhaps they can even turn you into one as well.
    Adventures in Cycles; My official sketchbook



  18. #38
    Epic told that Fornite servers load up to 150% after patch meltdown.



  19. #39
    Originally Posted by bliblubli View Post
    Note that KPTI and the windows equivalent help but are not enough. The CPU microcode will have to be updated too. It's not sure yet if this microcodes will be enough to prevent attacks in all cases. You also need an updated browser. Until now, they only mitigate the possible exploit by lowering the timers precision. It makes it harder to use the security holes, but don't protect you 100% either. Coming weeks will show how deep and dangerous those vulnerabilities really are.
    In here lies the problem, these kind of hardware bugs cannot be 'fixed' by micro code updates, its a CPU proces design flaw. Not even Microsoft Apple and intel combined can fix this for 100%.
    Oh and i dont feel relieved that USB is disbabled inside governments; sure its one thing but the bad thing this was only 1 (similair) flaw as like the CPU core design flaw. There are still more then enough attack vectors on Windows / Linux / Mac. And i can imagine the hunt is on, now that people store huge amount of assets in crypto coins.

    I'd be the least worried about Blender performance impact, sure its a thing.
    But an all out broken security, root level access world wide, without antivirus programs that can fix this.
    Dark grim years could be ahead...



  20. #40
    Member SterlingRoth's Avatar
    Join Date
    Mar 2006
    Location
    Portland, OR
    Posts
    2,066
    Originally Posted by theoldghost View Post
    Granny Porn sure took a hit damn it!
    Ghost, that's hilarious. Perfect pick me up on a Monday morning!



Page 2 of 4 FirstFirst 1234 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •