Google’s Meltdown/Spectre Patch

Google: Our brilliant Spectre fix dodges performance hit, so you should all use it

ZDNet – By: Liam Tung – “Google’s ‘moonshot’ fix for the hardest-to-solve of the three Meltdown and Spectre CPU attacks seems to have paid off.

That fix, called Retpoline, addresses Variant 2 of the two Spectre CPU attacks called ‘branch target injection’. Variant 2 is considered by Microsoft and Google to be the trickiest speculative execution vulnerability to fix as it’s the only one that does cause a significant hit on CPU performance.

It is also the scariest threat to virtualized environments in the cloud for its potential to be used to hop between different instances on the same CPU.

The other way of fixing Variant 2 is via a blend of OS/kernel fixes and silicon microcode from Intel and AMD, but Google contends its software-based Retpoline answer is superior and should be adopted universally.

Google last week said Retpoline generally had ‘negligible impact on performance’ and has now outlined the specific impact for Google Cloud Platform services.

Ben Treynor Sloss, the VP of Google’s 24×7, said for several months it looked like the only option to fix Variant 2 would be to disable the performance-enhancing speculative execution CPU feature, which in turn would result in slower cloud applications.

Google had already patched Variant 1, also a Spectre attack, and Variant 3 aka Meltdown by September, with Variant 2 standing out until December. These first two fixes had ‘no perceptible impact’ on GCP or services like Gmail, Search and Drive, but the fix for Variant 2 did.

Intel initially denied reports that its Meltdown and Spectre fixes would cause a major hit on CPU performance, but yesterday admitted ‘impact on performance varies widely, based on the specific workload, platform configuration and mitigation technique’.

Sloss says during tests at Google, disabling the vulnerable CPU enhancements — that is, speculative execution — did result in ‘considerable slowdowns’.

‘Not only did we see considerable slowdowns for many applications, we also noticed inconsistent performance, since the speed of one application could be impacted by the behavior of other applications running on the same core. Rolling out these mitigations would have negatively impacted many customers,’ he wrote.

Microsoft’s analysis of the patches’ impact on PC, server and cloud performance came to a similar conclusion.

‘In general, our experience is that Variant 1 and Variant 3 mitigations have minimal performance impact, while Variant 2 remediation, including OS and microcode, has a performance impact,’ wrote Terry Myerson, executive vice president of Microsoft’s Windows and Devices Group.

Paul Turner, Retpoline’s creator, has provided a detailed write-up on the fix. The term is a portmanteau of ‘return’ and ‘trampoline’.

‘Retpoline sequences are a software construct which allow indirect branches to be isolated from speculative execution. This may be applied to protect sensitive binaries (such as operating system or hypervisor implementations) from branch target injection attacks against their indirect branches,’ explains Turner.

Retpoline is a stable fix too, according to Sloss, who says that since wrapping up all Meltdown and Spectre bugs for Google Cloud Platform in December, it hasn’t received a single support ticket related to the updates.

‘This confirmed our internal assessment that in real-world use, the performance-optimized updates Google deployed do not have a material effect on workloads,’ he wrote.

‘We believe that Retpoline-based protection is the best-performing solution for Variant 2 on current hardware. Retpoline fully protects against Variant 2 without impacting customer performance on all our platforms. In sharing our research publicly, we hope that this can be universally deployed to improve the cloud experience industry-wide.’”

Intel Broadwell and Haswell CPU Reboot Issues

More fallout from Meltdown/Spectre.

Intel Security Issue Update: Addressing Reboot Issues

Intel Newsroom – By: Navin Shenoy – “As Intel CEO Brian Krzanich emphasized in his Security-First Pledge, Intel is committed to transparency in reporting progress in handling the Google Project Zero exploits.

We have received reports from a few customers of higher system reboots after applying firmware updates. Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center. We are working quickly with these customers to understand, diagnose and address this reboot issue. If this requires a revised firmware update from Intel, we will distribute that update through the normal channels. We are also working directly with data center customers to discuss the issue.

End-users should continue to apply updates recommended by their system and operating system providers.”

Geek Software of the Week: iCast2!

This is an iPhone/iPad app to broadcast to a Streaming Internet Radio Station. A similar app for Android is: BroadcastMySelf/Pro

iCast 2 – By Imperative Apps Pty Ltd

“iCast is the must have app for the internet broadcaster wanting to take their show on the road. Used by both the seasoned broadcaster and those seeking an entry point into the world of online broadcasting; iCast is popular amongst field correspondents to stream live interviews and is also used in a variety of not so obvious environments such as theme parks to provision live roaming announcers throughout their facilities, auctioneers use it to broadcast auctions to remote bidders and community event hosts stream live over the Internet. Use it stand alone with just your phone, add an external microphone or headset and even plug it into your compatible mixer in the studio, the possibilities are endless.”

Kodak Announces a Bitcoin Miner System!

Kodak just keeps making news at CES 2018!

Kodak bitcoin miner on display at CES 2018

ZDNet – By: Corinne Reichert – “A Kodak-branded bitcoin miner labelled the ‘KashMiner’ has been displayed at the photography company’s booth at CES 2018, with Kodak Blockchain Project licensee Spotlite Energy Systems of California showcasing the product.

According to the Kodak licensee, an upfront payment of $3,400 for a two-year contract would lead to bitcoin production value of around $375 per month at current bitcoin value.

The partnership would provide the licensee with half of the resulting $9,000 made over the 24-month period.

Bitcoin production would reach around $25 per day on the Kodak Bitcoin HashPower Upfront Payment Plan.

The Kodak-licensed bitcoin miner was showcased on the same day that Kodak announced its own KodakCoin cryptocurrency utilising blockchain security technology, which it said is aimed at enabling image rights management for photographers.

The camera company’s ‘photo-centric’ cryptocurrency is being launched under a licensing partnership with Wenn Digital, and will also involve a blockchain-backed image rights management platform called KodakOne.

In an interview on the sidelines of CES 2018, Wenn Digital CMO Bruce Elliott told ZDNet that Kodak and Wenn have had a team of 20 people working on the KodakCoin project for ‘months and months’.

‘We can get a photo, lock it into our blockchain, then we can sort of assign the IP [intellectual property] to the individual, then we can look through the entire internet and find where that photo is being used, and if it’s not being used correctly, then we can reach out to them with an automated system that says, ‘hey, you might not have known that you’re using this photo without a licence, why don’t you get a licence to that’, and then that money comes back and gets paid back to the photographers, and that whole transaction happens with that KodakCoin cryptocurrency,’ Elliott told media at CES.

Elliott added that the companies have taken a highly regulated approach to its project and initial coin offering (ICO).

‘We’re US companies, we’re not from some far-flung place … it’s our company here in the US that’s issued it; we’ve filed with the SEC; we’ve put all of our regulatory pieces in place; we’re not a startup, either, so because of the companies we’ve brought together, we have revenues, we’ve got staff, all those things already, and now we’re going to fill out this platform. And then we have the trusted platform of Kodak, so you put those things together and we think that really differentiates us,’ Elliott explained.”
