Piano World Home Page Forums Our Most Popular Forums Digital Pianos - Electronic Pianos - Synths & Keyboards Intel processor security/performance issue

This news may be of interest here, as the chit-chat amongst the IT people where I work is that these security patches will reduce performance primarily for applications doing heavy IO, which sounds like just the sort of thing software pianos do.

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

If you'd like a more technical read, this article explains the issue as related to Linux, but the issue is more or less the same for Windows and MacOS running on Intel 64-bit CPUs.

http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table

I read about that today and I was worried exactly about computer audio. Such a shame...

With regard to Linux (at least) there will be a kernel parameter available to disable this fix at boot time. Whether that's a good idea or not will depend on your use case, but in the situation where you have a computer solely for music and audio applications, and that isn't online for any purpose, then you might be able to make the case in favour of disabling that fix.

Whether Microsoft and Apple will allow the end user to disable this fix is unknown.

And if you have a computer with an AMD CPU then this won't affect you at all.

Gosh what a bummer :-( 30% that s a nasty hit.

I ve disabled window update for the time being.

thank you

This is not looking good for real-time audio. . .

Reported 30% CPU hit is outrageous; hopefully virtual instruments will not get hit quite so hard but time will tell.

Disabling windows update is a Very Bad Idea.

Unless you don't mind providing your computer to bad actors for their use in spreading malware, hacking proxies, and committing other crimes?

Microsoft Windows is insecure enough (and creates enough problems on the Internet) without taking steps to actively make the situation worse.

As long as you do not run dodgy apps or visit dodgy websites (with firewall on) W10 is pretty safe.

And block all third-party advertising. Advertising networks (including Google's adwords) are notorious for spreading malware.

Disabling Javascript and Flash can also help avoid issues though that can also prevent some legitimate websites from working. And as soon as you go to a website, "hey this doesn't work without javascript, click to enable", then here we go again.

Also, avoid visiting websites that are hosted on compromised servers. (How you can do that, I really have no idea; the closest think I know of is the Google Safebrowsing list, which is used by some web browsers to notify you of compromised sites. Sadly, like other anti-malware efforts, they're always chasing the headlights since a server that was cracked five minutes ago won't be on the list yet.)

None of these are a 100% solution, but they are a good idea and a valid security practice. But running an out-of-date version of an operating system (any operating system) makes these mitigation strategies even more important, though also substantially less effective.

Does anyone know whether this patch will need to be applied to the MacOS? I tried googling for the answer but there is no consensus on Macs (or even Linux) at all. Some say yes, others say no. Tech nerds are surprisingly sure of their own opinions - very polarised. Even though tech nerds made these dodgy chips... 30% slow down, yikes. I think I'd rather not do such an update to my Mac with that penalty - I'll just visit squeaky clean websites!

Report today that some patches were already made in MacOS 10.13.2 and more coming in 10.13.3.

"Multiple sources within Apple not authorized to speak on behalf of the company have confirmed to AppleInsider that there are routines in 10.13.2 to secure the flaw that could grant applications access to protected kernel memory data. These measures, coupled with existing programming requirements about kernel memory that Apple implemented over a decade appear to have mitigated most, if not all, of the security concerns associated with the flaw publicized on Tuesday."

"AppleInsider is in the midst of comparative speed testing on a 2017 MacBook Pro. Early indications are that there are no notable slowdowns between a system running macOS High Sierra 10.13.1 and 10.13.2."

http://appleinsider.com/articles/18...n-macos-for-kpti-intel-cpu-security-flaw

Thanks Macy, much appreciated. Looks like I'm in the clear.

I am not worried about this potential security limitation, so far as my home computers are concerned. I will live with the risk, rather than accept a substantial performance hit (although the performance implications of this fix are pretty unclear right now.) If anybody can get sufficient access to my home computers to exploit the potential security weakness, then I'm already screwed. It means that something in my infrastructure is already badly broken, with consequences that will be impossible to predict.

Installing software from untrustworthy sources could be at increased risk, but this has always been a risk.

Cloud and shared hosting operations could be badly hit. These folks will need to patch, and accept whatever performance implications that entails. However, these installations all run on commodity hardware that is dirt cheap, so there is a comparatively simple solution. The world probably won't end.

Since my system already got the patch I fired up Hauptwerk and fed it a MIDI file. Since you are concerned about acessing large sample libraries in real time it shouldn't make much difference as to whether I play myself or not. The data access is still the same.

CPU (3570K @ 4.6GHz) looked about as bored as before with Hauptwerk using round about 7% CPU time. No audible distortion or Interruptions.

While I do not have a larger library, I don't think VSTs data access patterns are aggressive enough to really tax modern CPUs.

I just updated my main computer (this one). It runs on Centos Linux, and I don't see any difference in the performance. I'm not doing anything musical with it but I ran a du command on my home directory; that's pretty io-bound and it still rocks just as well as it did before.

Most computers spend most of their time laying around doing very little even when you're using it, so there's enough spare oomph to make up for the performance hit.

Based on my limited experience of the past ten minutes, it looks like the practical impact of this will be so negligible as to be not worth noting.

Once again, I've noticed no (zero, nil) difference in the performance of this computer.

I don't think you folks will need to worry about the sky falling when this bug fix is available for Microsoft and Apple.

This is of no concern for me since I always have bought PCs with AMD processors. Also, I keep zero confidential data on my PC so even if I am hacked there is nothing sensitive to be found. Finally, in the unlikely case a hacker forces any malware on my PC, I will be pleased to Norton Ghost him to his garbage galaxy and restore everything on my disks with everything running perfectly smoothly.

You're overlooking the fact that there are other computers on the Internet that are not yours.

If your computer is taken over by the bad guys it can be used as a springboard to do things like emailing spam through your own email account or others, or as a proxy to conceal the bad guy's actual location or origin when he's running an extortion scheme or a hosting platform for malware, child pornography, or any number of other annoying and probably criminal activities.

"I don't care if my computer is hacked because I don't have anything on it" is an irresponsible attitude to have, unless you also completely disconnect your computer from the Internet (remove the ethernet cable, switch off the wifi) and leave it disconnected from here on out.

AMD processors are still affected by the slightly less serious spectre issue.

It is very easy to find out if a PC transmits when one is not currently doing online activities so once again I then know it's been corrupted. I do not need your attitude advice to know what to do. A much more irresponsible thing to do is to let one's computer on when not using it, which I never do.

On a Win10 machine, that is virtually impossible.
I habe Hardware monitoring always visible but I cannot easily distinguish whether that activity is OS related or not. Esp since I use cloud services etc.

Viruses do not transmit GBs of data and tax your network, that is often in the sub KB range and hides VERY well.

It's not just your own computer that is potentially vulnerable to this problem either, if anything the main impact on end user PCs will be the speed drop from having to fully isolate the kernel memory. It's actually far more of a problem for servers.

If you have a server box hosting two websites, the user/admin of one of them could use this flaw to extract sensitive data from the other that it shouldn't have access to.