[gatmne]

Why should they bother communicating clearly with their customers? Who are those customers going to turn to? AMD? ARM?

Between Intel's numerous CPU bugs that they refused to refund customers for and ME, it's crystal clear what Intel thinks about their customers.

[SteveNuts]

Customers actually could turn to AMD... their offerings are very competitive right now.

[djsumdog]

I'm thinking of building an AMD dev box. For enterprise consumers, if they're using 1U or blade servers, they could make the choice to switch to AMD for future nodes.

[sangnoir]

I strongly recommend that you go AMD. I went all-in on AMD - I agonized over the choice between 8-core Ryzen and 8-core ThreadRipper: ended up with a 12-core TR thanks to steep holiday-season discounts that lowered prices one rung down. TR4-socket motherboards a way more expensive compared to Ryzen ones (same-old AM4 socket).

I know my box is overkill for my needs now, but upgradeability is a big plus for me; I'm only using 16GB of RAM, but could up that to 128GB, and maybe I might swap out the CPU for a 64-core Zen4+ in 2022. For reference, my last dev box is from 2010[1](!) which I upgraded over time and this strategy has served me well. YMMV.

1. Westmere - 1st Gen 'Intel Core'

[noir_lord]

I have a Ryzen developer box at work and it is awesome, paired with 32GB of RAM and SSD's it absolutely screams.

My next home PC will be Ryzen 2 at some point this year.

[leonroy]

Linux or Windows? I've been doing dev on a large React app recently and the thought of running npm install on Windows makes me anxious about the performance vs my Mac - wondering if Windows has gotten better of late with lots of tiny file I/O.

[paulie_a]

As an avid fan of AMD going back to the late 80s they have always been a cheaper and better alternative. I am still bitter about rdram in regards to Intel

[readams]

They really haven't. AMD was so far behind Intel they were in danger of going extinct in data centers. Only very recently have they caught up again to be a credible competitor.

This bug and Intel's response is very good timing for AMD though.

[xenadu02]

It was Intel’s anti-competitive and illegal actions that prevented AMD from owning the market during the several year period when Opteron was not only the best CPU but the only 64-bit x86 CPU.

Unfortunately the legal process was far too slow and the penalties were a pittance compared to the profits.

It benefits all of us to have a competitive market for x86 CPUs.

[tyingq]

They have been in a similar position before. It took Intel a while to respond to x64/Opteron. AMD was soaring for while back then.

[craftyguy]

They are literally no better.

[lunorian]

AMD and ARM also has vulnerabilities similar to Spectre and Meltdown. For example http://fortune.com/2018/01/11/amd-chips-vulnerable-to-both-v... switching to AMD or ARM won't save you.

[betterunix2]

Many CPUs are vulnerable to Spectre, but Meltdown is much more severe and far easier to exploit. Meltdown is fairly specific to Intel.

[discreditable]

AMD is vulnerable to Spectre, but nothing like Meltdown.

[darklajid]

There are issues with this 'laptop' (don't put it on your lap is one), but AMD is a viable option I think..

https://imgur.com/Qsodtxv

[dogma1138]

Well AMD mobile CPUs are 4 core, so I would assume you bought one of the hackjob DTR's with a desktop CPU or just are using a desktop in a jest :P

[darklajid]

It's a "hackjob" by Asus Republic of Gamers.

Not a home-built thing, but not what you'd call a laptop (portable, battery life) either..

[merb]

> There are issues with this 'laptop' (don't put it on your lap is one)

ouch, that is definitiv not a good issue... but well my mbp late 2013" gets hot as well.

[darklajid]

Hm? The screenshot was merely showing the good parts (8 cores, 16 virtual).

It's not getting particularly hot in general, entirely depends on the use case. When I max out the cores or run a game? Quite hot. Otherwise: Mostly fine..

It's just unwieldy, big and heavy, hence not really useful on a lap..

[metahost]

Have you tried cleaning the dust accumulated inside?

[merb]

I always do.

[ryanlol]

>Between Intel's numerous CPU bugs that they refused to refund customers for

How do you propose this could work?

Are side channel vulnerabilities in CPUs really bugs?

[eximius]

I mean, this one, yea. Speculative execution should not have side effects when wrong because it is Intel silently, sneakily breaking the model of how the CPU works (at least, if you only include the cache in how the PC works and not branch prediction).

I would have expected, if I thought to ask, that items were not added to the cache or were removed from the cache if the branch was not retired.

[EgoIncarnate]

Removing items afterwords probably wouldn't work as you might be able stuff (instead of flush) the cache and figure out which line was emptied.

Intel isn't being sneaky, speculative reading was a standard and accepted feature for out of order processors for over 20 years (remember it affects ARM,AMD,Apple,IBM etc as well). Speculative reading privileged memory while unprivileged was a big mistake though.

[sverige]

Intel's greatest PR success in this mess has been to conflate Meltdown with Spectre. Only Intel is affected by Meltdown because of their design, and it is a more easily exploited bug.

[EgoIncarnate]

Meltdown is not only Intel. Some ARM and Apple designed ARM processors are affected by Meltdown as well. https://en.wikipedia.org/wiki/Meltdown_(security_vulnerabili...

[makomk]

There are no products on the market shipping with the one ARM-designed processor affected by Meltdown.

[djrogers]

What’s your source for the Apple claim, as your link doesn’t support it.

[dogma1138]

Meltdown is a Variant of Spectre this isn't how Intel classifies it, this is how Google Project Zero, and heck even Intel's competitor AMD classifies it.

https://www.amd.com/en/corporate/speculative-execution

https://googleprojectzero.blogspot.co.uk/2018/01/reading-pri...

It's also not the scariest variant, it's easily fixed (performance degradation aside), doesn't require a microcode update to be fixed hence is 100% software mitigated, doesn't allow you to cross between guest and host memory address spaces and isn't remotely exploitable.

On the other hand variant 1 and 2 are much scarier because they are the complete opposite of Meltdown.

[mtgx]

Meltdown is not a variant of Spectre. Spectre itself has two variants.

And Meltdown was the easiest to exploit. Spectre is "bad" because it affects everyone, but it's less exploitable than Intel's Meltdown.

[paulmd]

Meltdown is a specific type of Spectre exploit.

While it's more easily exploited, it's also patchable with minimal performance impact, unlike Spectre in general.

[pritambaral]

No, it's not. Please read the website of the attacks created by those who discovered and named them: https://meltdownattack.com and https://spectreattack.com

[EgoIncarnate]

Potentially minimal is probably more accurate. It's workload dependent. In some cases, such as frequent interrupts or system calls on older CPUs without the PCID and INVPCIB features to mitigate the cost, it can be be very expensive.

[eximius]

I don't mean they're literally being sneaky. The point was, from an OS or userland perspective, it should be invisible. Besides performance, it should have no effect because it is literally breaking the CPU model by executing code it shouldn't. It fixes it by not retiring the results, but the bug is in leaving an effect that can be found.

[EgoIncarnate]

If you had said CPU designers were being sneaky it would be more obvious that you weren't being literal. By saying "Intel silently, sneakily...", it's more personal and seems as if you are being literal. It wasn't really silent either, it was well enough documented that they did speculative execution. Many many very technical and educated people from across the industry knew about this and didn't think it was an issue. They were wrong.

Let's not throw the baby out with the bathwater here. I don't think the problem is that speculative execution is not as invisible as it was once believed. The problem is more of awareness and documentation. If there was an option to disable speculative execution and awareness of the associated security issues from the beginning, I don't think anyone would have a problem with using it for a performance boost where it was safe to do so. The problem is there was an industry wide assumption that it wasn't a problem that turned out to be wrong.

[adrianN]

They promise modern process isolation and fail to deliver it. Their fixes reduce performance significantly. IANAL, but that sounds like a defective product.

[wolfgke]

> They promise modern process isolation and fail to deliver it.

Before one makes such a statement, one has to define "modern process isolation" in a very formal way, so that not anybody (neither Intel nor the customer) can redefine the meaning as they desire. I am not aware that Intel gave such a formal definition that they claim to obey to (but perhaps fail). So any operating system can only rely on very weak guarantees for the processor to provide "isolation" (using quotes since I have not defined the term "isolation" formally). Thus the OS has to implement stronger isolation primitives that it desires by itself (by using the weak primitives that the processor provides).

[ryanlol]

>They promise modern process isolation and fail to deliver it.

Modern process isolation is not flawless, therefore it is not modern process isolation.