The Spectre vulnerability affects AMD and ARM processors, too, apparently. See: <https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)>. That isn't the only place I've read that. Modern CPUs are very complex and their inner workings are proprietary so how likely is it that AMD CPUs don't have this or other equally bad vulnerabilities? We are only seeing the tip of the iceberg. GPUs and other components, like the BIOS are likely to have quite severe vulnerabilities that we don't know about, yet.

By the way, I don't see the point of doing a new build with a CPU that is four generations old and with only 16GB that ends up costing $1600+. You could purchase a refurbished, off-lease workstation of that vintage for about a quarter of the price with more RAM. It would not likely have an SSD but you could always add one if you really wanted to.

Regards,

Clifford Ilkay

+1 647-778-8696

On Mon, Jan 8, 2018 at 10:33 AM, Steve Petrie, P.Eng. via talk <talk@gtalug.org> wrote:
Warm Greetings To GTALUG Members,
 
Just as year 2018 arrived and I prepared to push the Order button, on the various parts for building a new desktop PC to run debian LInux, replacing an ancient Dell Windows XP PC, along comes revelation of the Intel Meltdown CPU bug, to muddy the picture.
 
My present new desktop PC build spec (much modified according to some excellent earlier advice from GTALUG members) has an Intel Z97 LGA 1150 Intel 4-Core i5-4460 3.2GHz Haswell Processor. (I know, I know, the Intel Haswell CPU series is obsolete, but let's just ignore this fact for the present discussion.)
 
I attach a copy of the present build spec:
  • <ca.pcpartpicker.com -- deb8_PC_business_24_7_duty_bare_v1 - summary - Steve_Petrie - 20170722.odt.pdf>;
  • <ca.pcpartpicker.com -- deb8_PC_business_24_7_duty_bare_v1 - accessories - Steve_Petrie - 20170722.odt.pdf>;
* * *
* * *
 
It seems to me that, with regard to the Intel Meltdown bug, I have two basic options:
  • 1. Just accept the Meltdown bug situation, proceed with the PC build using the Intel CPU, and live with the perforrmance hit that comes with the fix in the Linux kernel for the Meltdown bug.
     
  • 2. Invest a week or two to investigate AMD CPU options that will avoid altogether the Intel Meltdown bug. This strategy could lead to a lengthy necessary respecification of other components in the PC build spec, depending on how an AMD architecture fits with peripherals.
An ARM CPU is not an option, as one of the other operating system I plan to run on the new PC is DragonFlyBSD, which only runs on Intel and AMD processors (not ARM).
 
* * *
* * *
 
*** LATE BREAKING NEWS ***
 
Speaking of DragonFlyBSD, here is an interesting snippet just in from the dfly <users@dragonflybsd.org> email discussion forum:
 
Subject: Re: Meltdown and Spectre information update
 
Matthew Dillon wrote:
> (2) Intel is supplying a Microcode patch for newer CPUs, but it's hard
> to say how many BIOS makers will ever adopt it.

I wouldn't count on it very much, especially nowadays when hardware is
very usable far longer than vendors are even willing to support it.

But that's the reason why Linux kernel provides a way to update a
microcode early during boot or even in runtime. Maybe it's a good idea
to implement it for DragonFly as well.

https://github.com/torvalds/linux/blob/master/Documentation/x86/microcode.txt

Could be a promising fix for Meltdown, using the Linux microcode update facility to install the Intel microcode patch for the Meltdown bug. I may need to switch to a newer Intel CPU (than Haswell), if no Meltdown microcode fix is forthcoming from Intel for Haswell.
* * *
* * *
 
Do GTALUG members have any opinions on the relative merits of the strategies I suggest above ??
 
Any comments / advice from GTALUG members, regarding the above strategies (or any other strategy that comes to mind) would be gratefully received.
 
And then there is the Spectre bug also lurking ...
 
Thanks in advance,
 
Steve
 
apetrie@aspetrie.net

---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk