Intel's Latest CPU Microcode Update Isn't All That Scary

  • Intel's Latest CPU Microcode Update Isn't All That Scary

    Phoronix: Intel's Latest CPU Microcode Update Isn't All That Scary

    While in the past we have seen Intel CPU microcode updates lead to measurable performance differences on multiple occasions, this month's CPU microcode update doesn't end up being all that concerning for real-world performance...


  • #2
    Some cases suggest perhaps otherwise: https://travisdowns.github.io/blog/2...-zero-opt.html

    It all depends on what you're doing.



    • #3
      Perhaps testing on the lower/mid end affected cpus would make more sense. That would be the bulk of users getting pimp slapped, with no i9 overhead to compensate for the redness.



      • #4
        Still running the very last microcode right before Spectre/Meltdown, along with mitigations=disabled. Don't ask me for my IP

        ~ ❯ dmesg|grep microcode
        [ 0.000000] microcode: microcode updated early to revision 0x22, date = 2017-01-27
        [ 0.177473] SRBDS: Vulnerable: No microcode
        [ 1.649123] microcode: sig=0x306c3, pf=0x2, revision=0x22
        [ 1.649139] microcode: Microcode Update Driver: v2.2.
        ~ ❯ sudo apt-mark showhold
        intel-microcode
        iucode-too

        -------

        ctx_clock:
        pts/ctx-clock-1.0.0
        Test 1 of 1
        Estimated Trial Run Count: 3
        Estimated Time To Completion: 1 Minute [12:41 PDT]
        Started Run 1 @ 12:41:33
        Started Run 2 @ 12:41:38
        Started Run 3 @ 12:41:42

        Context Switch Time:
        148
        148
        148

        On an i5-4670K @ 4.3GHz Haswell. Winning, ain't slowing down my sh*t for no reason.

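Added example, not part of any post in the thread: a small shell helper for auditing hosts that are held on old microcode, as in the dmesg output of post #4. It summarises the loaded revision and any issue the kernel reports as "Vulnerable"; the function names and the embedded sample log are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample, modelled on the dmesg lines quoted in post #4.
SAMPLE_DMESG='[    0.000000] microcode: microcode updated early to revision 0x22, date = 2017-01-27
[    0.177473] SRBDS: Vulnerable: No microcode
[    1.649123] microcode: sig=0x306c3, pf=0x2, revision=0x22'

# Reads kernel log text on stdin and prints one summary line:
#   revision=<hex|unknown> date=<yyyy-mm-dd|unknown> vulnerable=<list|none>
microcode_audit() {
    awk '
        # Early-load line carries both the revision and its release date.
        /microcode updated early to revision/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "revision") { rev = $(i + 1); sub(/,$/, "", rev) }
                if ($i == "date")     { date = $(i + 2) }
            }
        }
        # Driver line of the form "sig=..., pf=..., revision=0x22".
        /microcode: sig=/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^revision=/) { rev = $i; sub(/^revision=/, "", rev) }
        }
        # Any "<ISSUE>: Vulnerable..." line, e.g. SRBDS without new microcode.
        /\] [A-Za-z0-9_ ]+: Vulnerable/ {
            line = substr($0, index($0, "] ") + 2)   # drop the timestamp
            sub(/: Vulnerable.*/, "", line)          # keep the issue name
            vuln = (vuln == "" ? line : vuln "," line)
        }
        END {
            printf "revision=%s date=%s vulnerable=%s\n",
                (rev == "" ? "unknown" : rev),
                (date == "" ? "unknown" : date),
                (vuln == "" ? "none" : vuln)
        }'
}

# Exit status 0 only when no issue is reported as Vulnerable.
microcode_ok() {
    microcode_audit | grep -q 'vulnerable=none$'
}
```

On a live host, pipe `dmesg` into `microcode_audit`; the kernel also exposes the per-issue status under /sys/devices/system/cpu/vulnerabilities/.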


        • #5
          perpetually high : my Haswell era ThinkServer runs FreeBSD. It just runs the last firmware update just after the Meltdown revelation. I don't bother with adding the updated microcode. I just don't care because it's not exposed to the Internet via web browser, nor does it run anything other than Samba or code that I personally write. Now, all the rest of my systems are fully up-to-date as far as AMD, Intel, or Apple updates are concerned because they do have exposure via web browser. It all depends on your exposure surface and what or who would be your threat for that particular device. You do you.



          • #6
            Oh sure. Not that scary from a benchmarker's point of view.

            But these are being put out to cover at least one undisclosed vulnerability of medium severity. Coincidentally, intel chose this exact month to stop offering microcode updates for ivybridge.

            If it's a bad enough disclosure vulnerability (eg leaking state between browser tab processes) then it looks like the nice T430 thinkpad I just bought is going to be put out to pasture. At any rate, with continuing discovery of new CPU flaws, it looks like this beloved thinkpad's days are numbered. (same for X230, etc)

            EDIT: I'd like to point out, this isn't an age thing: AMD is *perfectly happy* to support my fam15 piledriver from 2013, when necessary. (it has the advantage of not being swiss cheese) And thinkpads see a LOT more continued use among kernel devs and linux users. This is exactly what I get for going thinkpad and buying an intel product.
            Last edited by Developer12; 22 June 2021, 04:35 PM.



            • #7
              Originally posted by Developer12
              Oh sure. Not that scary from a benchmarker's point of view.

              But these are being put out to cover at least one undisclosed vulnerability of medium severity. Coincidentally, intel chose this exact month to stop offering microcode updates for ivybridge.

              If it's a bad enough disclosure vulnerability (eg leaking state between browser tab processes) then it looks like the nice T430 thinkpad I just bought is going to be put out to pasture. At any rate, with continuing discovery of new CPU flaws, it looks like this beloved thinkpad's days are numbered. (same for X230, etc)

              EDIT: I'd like to point out, this isn't an age thing: AMD is *perfectly happy* to support my fam15 piledriver from 2013, when necessary. (it has the advantage of not being swiss cheese) And thinkpads see a LOT more continued use among kernel devs and linux users. This is exactly what I get for going thinkpad and buying an intel product.

              If that's true, (I hadn't read that closely at the rel notes) and it's not simply because Sandy & Ivy aren't vulnerable, then it's almost certainly because Intel wants to drive new system sales - assuming the customer doesn't buy AMD instead. It's a risk, because not all customers are going to be brand loyal. I think Lenovo is offering ThinkPads with AMD CPUs now with most AMD offerings being quickly sold out.

              That said, if customers do still have actively used Sandy & Ivy at this point, it's unlikely dropping microcode update support is going to change many people's minds about sitting tight till they're personally ready to update. The one Sandy laptop I own isn't going to be tossed just because Intel dropped microcode update because it's pretty much irrelevant to what it's used for. My current laptop isn't Intel at all.



              • #8
                Originally posted by Developer12
                Oh sure. Not that scary from a benchmarker's point of view.

                But these are being put out to cover at least one undisclosed vulnerability of medium severity. Coincidentally, intel chose this exact month to stop offering microcode updates for ivybridge.

                If it's a bad enough disclosure vulnerability (eg leaking state between browser tab processes) then it looks like the nice T430 thinkpad I just bought is going to be put out to pasture. At any rate, with continuing discovery of new CPU flaws, it looks like this beloved thinkpad's days are numbered. (same for X230, etc)

                EDIT: I'd like to point out, this isn't an age thing: AMD is *perfectly happy* to support my fam15 piledriver from 2013, when necessary. (it has the advantage of not being swiss cheese) And thinkpads see a LOT more continued use among kernel devs and linux users. This is exactly what I get for going thinkpad and buying an intel product.

                did you drop ivybridge support?



                • #9
                  Originally posted by stormcrow
                  perpetually high : my Haswell era ThinkServer runs FreeBSD. It just runs the last firmware update just after the Meltdown revelation. I don't bother with adding the updated microcode. I just don't care because it's not exposed to the Internet via web browser, nor does it run anything other than Samba or code that I personally write. Now, all the rest of my systems are fully up-to-date as far as AMD, Intel, or Apple updates are concerned because they do have exposure via web browser. It all depends on your exposure surface and what or who would be your threat for that particular device. You do you.

                  For sure, I'm taking a risk. But only because I'm on a desktop running behind a firewall/router and have ports closed, don't run unknown software. Literally everything I can do. If I had a laptop or another situation, I would protect myself. Coffee shop for example. WiFi + connect to VPN + mitigations=on + microcode. But my desktop, I take chances. It *cripples* performance. No sir

                  Ha, it's almost like getting the vaccine vs catching it in the wild.

                  I suppose I'm risking getting Spectre/Meltdown in the wild, as opposed to getting the vaccine (the new microcode + mitigations).

                  I like to live dangerously (no I'm not anti-vax, see Linus Torvalds post for my stance)



                  • #10
                    Originally posted by perpetually high

                    For sure, I'm taking a risk. But only because I'm on a desktop running behind a firewall/router and have ports closed, don't run unknown software. Literally everything I can do. If I had a laptop or another situation, I would protect myself. Coffee shop for example. WiFi + connect to VPN + mitigations=on + microcode. But my desktop, I take chances. It *cripples* performance. No sir

                    Ha, it's almost like getting the vaccine vs catching it in the wild.

                    I suppose I'm risking getting Spectre/Meltdown in the wild, as opposed to getting the vaccine (the new microcode + mitigations).

                    I like to live dangerously (no I'm not anti-vax, see Linus Torvalds post for my stance)

                    I would say "just buy AMD". For known CPU security problems you come out ahead on performance while still having the security mitigations. That's my desktop. It's a Ryzen 3600. I just let the mitigations ride because I don't notice any major slowdowns. My most used laptop is an M1 MBP which isn't immune to Spectre. But, the likelihood of the MBP being successfully attacked via the web is not as big an issue as opportunistic theft at school, airport, etc.

                    The comparison is more a false equivalence. Spectre isn't going to kill or cause nerve damage.

