I'm gonna do it Jow Forums, I'm going to disable those damn protections

Its not a big deal at all for the average consumer, its just AMD shills fear mongering.

If you believe their bullshit, you HAVE to disable hyperthreading to be secure, and all the major patches combined will tank your gaming performance but 20%+, which is just blatantly not true. But they don't care.

Found one of the AMD shills I mentioned.

Has no idea what he's talking about, or more likely, he knows he's lying, but he needs to make AMD look better, so its "justified" in his mind.

>Don't run shitty software = you are safe. Browser = insecure as per definition.
So if I use a browser (even right now), am I already compromised and it shouldn't be worse if I ran shitty software? Since I am already compromised because of browser, rgiht?

[ ] you understand how browsers were patched
[x] you are totally clueless

I don't even care about Intel vs. AMD. Nobody fully understands the chip anymore and I doubt that Intel was faster *only* because they skipped some checks.

For example the official spectre and meltdown script can easily be executed in hundreds of thousands to millions of outdated/unpatched intel systems and have the most recent data in RAM literally ripped out without the user knowing, right?

Tell me what, does anyone know what this part of the script does? Not full script btw (I have all 10+ script variants updated with ridl to bypass browser update mitigations but won't post them).

var TABLE1_STRIDE = 1; var TABLE1_BYTES = 3; var probeTable = ['alpha', 'beta', 'corky']; var simpleByteArray = [0x00, 0x01, 0x02]; var localJunk; var index = 0; if (index < simpleByteArray.length) { index = simpleByteArray[index | 0]; index = (((index * TABLE1_STRIDE) | 0) & (TABLE1_BYTES - 1)) | 0; localJunk &= probeTable[index | 0] | 0; } console.log(localJunk);

Attached: 1543633856632.png (548x666, 361K)

Every major browser has been patched almost a year ago rendering all the microcode and OS patches without purpose IF you only execute binaries that you actually trust.

i don't know if you've noticed this but Jow Forums has been the fucking maginot line for the last six months because both intel and amd are pouring money into marketing when they don't usually. intel has been sitting on their laurels and finally has some semblance of competition they are not prepared for, and AMD is desparate to grab any upper hand they can in the market now that they have a competitive product

make an informed decision based on your requirements, and also don't listen to people that think sounding like Hunter S Thompson makes their argument better because they probably don't know anything about the fine details of how it works or care about pragmatic performance

Considering there are far more convenient to use exploits that are executable through a browser than meltdown or spectre? Yea no shit.

Spectre or meltdown simply aren't useful for an attack on a single person. Its insane to think someone would go through that effort for at MOST some banking credentials or personally identifying information.

You do that kind of attack against corporations to steal their IP, blueprints, or huge databases of customer information.

>"Because of this vulnerability discovery, browser vendors implemented different mitigations for this vulnerability. Some of them are meant to disable known methods for querying CPU cache state of memory slots (Javascript variables). These mitigations include the resolution reduction of the Javascript timer performance.now() and adding jitter to its results."

>"In our research we were able to overcome the cache access timing specific mitigations. Altough these mitigations cause a serious slowdown in our POC, they are not effective in preventing this attack. These mitigations also have some negative performance implications and are hurting the functionality of some legitimate Javascript web application use-cases."

AHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA

Attached: intards_rn.webm (640x480, 253K)

Go for it OP, what are the odds of being attacked by this shit? If you are it's probably by some matrix tier hax0r and you'll be fucked anyway

are you laughing because of
>the functionality of some legitimate Javascript web application use-cases
?

as in there are no legitimate use-cases?

this script dialates the user

This it's not like there's a set of easily obtainable javascripts that can easily be implemented in any malicious ad or redirect with more than a 10% success rate in some scripts.

Attached: w.jpg (1003x700, 198K)

The RIDL javascript browser mitigation MITIGATION is real. Now intards just need a couple more mitigations to mitigate current mitigations being mitigated.

Attached: 1465101708732.jpg (800x800, 319K)

I've never turned those on since spectre was first discovered.

Attached: 1551328499258.jpg (1920x1080, 89K)

The only difference on my machine is numbers.

Essentially if I don't run an elevated crystaldiskmark I can see the difference. That's it.

>So basically, all it takes is javascript on an ad or malicious website/redirect to LITERALLY pull your passwords and banking info directly out of your RAM, correct?
> basically
no.

This more like multiple now. Honestly amazed how low level javascript can actually be.

>LITERALLY pull your passwords and banking info directly out of your RAM
That information would need to be in your RAM in the first place, which unless you're actively running that Javascript WHILE you type in your banking info, wont be an issue.

The javascript doesn't need to execute while you're typing data in. It just needs to execute AFTER. As in you type in your banking info and then have a wank or visit any other website basically.

BAM, your banking info has been pulled out of your ram and is now packaged on the dark net to be sold to the highest bidder.

Lmao, why the fuck would your banking info just be sitting in your RAM?

Do you have any idea how computers fucking work?

this user gets it. also: you'll struggle to find people that haven't patched it (end users, software vendors etc.). so even less likely to happen via javascript now that patches have been coming out for it.

>what is browser cache
Anyway your banking info and passwords SHOULD be safely encrypted in your RAM after you enter them but spectre and meltdown bypass that.

Half of this thread WILLFULLY are disabling them. Think how many run outdated windows and browsers. That's like half the planet at least.

>Half of this thread WILLFULLY are disabling them
they're not so bright, but they've got no choice when it comes to software vendors that have patched their software to prevent such an exploit from functioning at all.

>what is browser cache
Pretty sure chrome by default clears it's memory cache (not disk cache) every 300 seconds.

No, there is no banking info or passwords in RAM on any PC on the planet. And it's all purely theoretical. No attack has ever been reported.

Chrome, firefox, and edge auto update themselves. Only idiots running pale moon or other shitty forks are affected. Modern browsers are thoroughly cleansed from such vulnerabilities.

>banking info and passwords SHOULD be safely encrypted in your RAM after you enter them but spectre and meltdown bypass that.
Jesus this is so wrong it hurts.

If your password is in RAM, it is encrypted, if spectre or meltdown are used to access what's being stored in your RAM, they will see your ENCRYPTED password, not plaintext.

Sure, a nationstate actor or similar could then break your encrypted password to figure it out, but that's not something most people can do.

... aaand nothing will hapen

Attached: 1479902394498.jpg (428x376, 21K)

>Performance: GOOD
You don't really have to, I disabled those months ago because my 10 yo computer with Windows 7 had become unusable, but if you don't have performance issues why should you even care.

You smell of script kiddy. Don’t be so smug.

Also RAM is big and specter leaks info really really slowly. Couple that with randomized memory layouts and good fucking luck

yup, it's not a simple bip bop boop run spectre script and get EVERYTHING in the RAM.

t. CIA Nigger

browser js engines lack the precision timing required to abuse speculative execution
so, no

Attached: 1539445703578.jpg (464x359, 44K)

Attached: 1566331012428.jpg (1280x787, 85K)

This is an actual shill. He copy pasted this exact post full of loaded questions from another thread a while back.

underrated post

what does this mean

Attached: fsjijbvszd.png (1032x473, 100K)

it means mitigations ain't disabled

Been running with them disabled for months myself.

Attached: Untitled.png (464x359, 17K)

Oh and hi fellow i7 4790

>Performance: SLOWER
fugggggg

Attached: 1545502606004.jpg (435x512, 40K)

I have the same CPUID but this is an i7 4700MQ in a Thinkpad T440p. I have mitigations disabled because I heard Haslel takes a fair performance hit.

Attached: Clipboard01.png (464x355, 12K)

I don't even remember if I turned it on at one point and just said fuck it.

Attached: 1550765756049.png (468x359, 41K)

Are there actual people in this world that keep their passwords in RAM at all times?

Already way ahead of you OP, make sure you downgrade your microcode too for even more performance (mcupdate_GenuineIntel.dll)

Attached: 1514782153502.jpg (963x1010, 70K)

Bulldozer doesn't have these issues. My FX-8350 is still going strong and was a fraction of the price of newer intel/AMD "8 core" cpus.

I'm curious as to how many people it would really matter to if they did.
If you compromised my accounts you'd be able to send some Amazon stuff to yourself for which I'd be completely covered, you'd be able to see that nobody emails me on my three accounts, you'd get a Youtube account with a whopping few hundred subs, and a bunch of private trackers with so much buffer you couldn't hurt them if you tried.
It would literally take me 5 minutes to change the passwords and the damage to me would be zero.

Your Bulldozer is also slower than a Sandy Bridge quad.

>Your Bulldozer is also slower than a Sandy Bridge quad.
Only in gaming. Not to mention my Bulldozer was way less money than your sandy bridge. It's amazing how AMD went from the company of cheap CPUs to right on the heels of Intel as far as price jewing goes. Sad.

>Not to mention my Bulldozer was way less money than your sandy bridge

Doubtful. The 2700k system was like $170 and the 2600 was $150.

Attached: speccy.png (4071x1053, 442K)

>It's amazing how AMD went from the company of cheap CPUs to right on the heels of Intel as far as price jewing goes.
They went from making slow CPUs that only sold because they were a cheap alternative for people on a tight budget, to making something with real value that's worth similar to what Intel charges. They also sank enough money into developing it that they would probably go under if they didn't charge what they're charging.

Bulldozer was not slow at all you fucking gaming faggots. It did great when things used all cores. Jesus fuck off you gaming homos from /v/

It was cheap and hot.

Not all non-gaming loads multithread perfectly, sweaty.

>could equal an i7 in a few edge cases
>half the speed in everything else for a 10% savings on a $1000 build

Wow, what value.

>So basically, all it takes is javascript on an ad or malicious website/redirect to LITERALLY pull your passwords and banking info directly out of your RAM, correct? Also this triggers 0 anti-virus alarms as well, right?
Ok post your JS and I'll run it. Oh wait you're a fat neckbeard with no clue about this. And there never was a reported attack using these vulnerabilities. Cybersec is a scam

Retard FUD spreader

There was never an exploit in the wild for any of the dozen cpu vulnerabilities its just random researchers trying to get popular by discovering a nice attack vector and never even publishing POC. I have everything disabled on my linux box. Theres no point to the performance hit. Just disable it.

>performance: good
you have no reason to.

Unless you are a complete fucking retard, which you probably are.

Should have done so a long time ago, user.

Attached: InSpectre_23-08-2019_12-32-16.png (464x359, 19K)

Based 3770K poster

But I have a 3570k.

Cringe.

So in the end intel users have the option to get fucked or get cucked?

Attached: thinkingbird.jpg (1024x768, 218K)

>enabling js

>select all squares with traffic lights
>no lights
>skip
>select all squares with traffic lights
>still no lights
>skip
>select all squares with cars

(me)
I should note, I mean enabling ALL js.
it pains me to do it but I obviously have to enable scripts from specific sites for things like recaptcha. Other than that, you're a fool if you leave everything trusted by default.

BAM BACK FROM THE BRINK