Subject: General Tech | January 16, 2018 - 02:33 PM | Jeremy Hellstrom
Tagged: security, spectre, meltdown
The various patches released to ameliorate the damage these vulnerabilities can inflict on computer systems are slowing down or crashing some systems, up to and including industrial control systems, according to The Register. These issues are not specific to Windows machines: many control systems run on Linux, and since the vulnerabilities stem from an architectural issue, any operating system could suffer slowdowns. Seeing your VMs slow down on Azure or AWS is rather frustrating; slow response from critical systems in a power plant could be much more than an inconvenience. The story also has a link to a compiled list of Meltdown patches if you would like to see what is currently in development.
"Rockwell Automation revealed that the same patch had caused issues with Studio 5000, FactoryTalk View SE, and RSLinx Classic (a widely used product in the manufacturing sector). "In fairness [this] may be RPC [Remote Procedure Call] change related," said cybersecurity vulnerability manager Kevin Beaumont."
Here is some more Tech News from around the web:
- Meltdown/Spectre fixes made AWS CPUs cry, says SolarWinds @ The Register
- Kaspersky uncovers 'world's most powerful Android spyware tool' @ The Inquirer
- End of a chip boom? Memory chip price drop spooks investors @ Reuters
- Cybersecurity quiz winners rewarded with infected USB sticks, because irony @ The Inquirer
- The Red Solstice is FREE for a Limited Time! @ TechARP
- AVM FRITZ!Box 7590 Wireless Router @ Kitguru
Subject: General Tech | January 10, 2018 - 01:05 PM | Jeremy Hellstrom
Tagged: meltdown, spectre, security, antivirus, patch
If you are curious about the details behind the registry key that your antivirus program needs to create in order for you to receive Windows Updates, The Register describes its purpose here. In essence, modern AV programs regularly access the kernel to look for suspicious activity and become quite upset when they are not allowed to access it after the patch places the kernel in isolation, upset enough to continually crash your computer. Ensuring your AV software has updated itself so that this does not occur before allowing the Windows patch to install is a good thing; however, there is a serious problem with the way Microsoft decided to deal with the situation. Until that key is present, you will not be able to install any new security patches, something which should be changed ASAP as it could help spread other infections simply because you had the temerity not to use Windows Defender.
"Microsoft's workaround to protect Windows computers from the Intel processor security flaw dubbed Meltdown has revealed the rootkit-like nature of modern security tools."
Here is some more Tech News from around the web:
- Spectre and Meltdown not a concern for mobile says Qualcomm @ Electronics Weekly
- Meltdown and Spectre Patches Bricking Ubuntu 16.04 Computers @ Slashdot
Subject: General Tech | January 9, 2018 - 12:52 PM | Jeremy Hellstrom
Tagged: spectre, security, meltdown, krzanich, Intel
If you were worried about the reports you've heard of Athlon processors crashing after the Windows updates pushed to mitigate Spectre and Meltdown, or about the performance hits these may cause certain workloads, consider the poor sysadmin who listened to Intel's keynote speech at CES. Brian Krzanich has promised patches for 90% of the affected processors by the end of the week, with the remainder by the end of this month. Such a quick response is wonderful from a security standpoint, but one wonders how much stability and compatibility testing could have been done in just a few days. The acronym for the Intel Product Assurance and Security team may be very appropriate for some companies. Let us hope it does indeed go smoothly.
"Krzanich has promised that the firm will patch "90 per cent" of affected processors made in the past five years by the end of this week, adding that the remaining 10 per cent would see fixes by the end of the month."
Here is some more Tech News from around the web:
- Microsoft Says No More Windows Security Updates Unless AVs Set a Registry Key @ Slashdot
- Bad docs and blue screens make Microsoft suspend Spectre patch for AMD machines @ Ars Technica
- With WPA3, Wi-Fi Security is About To Get a Lot Tougher @ Slashdot
- Take notebooks: About those new Thinkpads... @ The Register
- Intel reveals 49 qubit quantum chip bringing it neck and neck with Google and IBM @ The Inquirer
- Micron, Intel consciously uncouple 3D NAND development @ The Register
Subject: Processors | January 8, 2018 - 07:24 PM | Jeremy Hellstrom
Tagged: meltdown, security, linux, nvidia
Thanks to a wee tech conference going on, performing a wide gamut of tests of the effect of the Meltdown patch is taking some time. Al has performed benchmarks focusing on the performance impact the patch has on your storage subsystem, which proved to be very minimal. Phoronix are continuing their Linux testing, the latest of which focuses on the impact the patch has on NVIDIA GPUs, specifically the GTX 1060 and GTX 1080 Ti. The performance delta they see falls within measurement error; in other words, there is no measurable impact after the patch is installed. For now it seems the largest impact this patch has is on scientific applications and hosting providers running select high I/O workloads and large numbers of virtual machines. For now the cure for Meltdown is nowhere near as bad as what it protects against for most users ... pity the same cannot be said for Spectre.
"Earlier this week when news was still emerging on the "Intel CPU bug" now known as Spectre and Meltdown I ran some Radeon gaming tests with the preliminary Linux kernel patches providing Kernel Page Table Isolation (KPTI) support. Contrary to the hysteria, the gaming performance was minimally impacted with those open-source Radeon driver tests while today are some tests using the latest NVIDIA driver paired with a KPTI-enabled kernel."
Here are some more Processor articles from around the web:
- Patched Desktop PC: Meltdown & Spectre Benchmarked @ Techspot
- Benchmarking Linux With The Retpoline Patches For Spectre @ Phoronix
- Battle of the 16-cores: Intel’s Core i9-7960X vs. AMD’s Threadripper 1950X @ Techgage
Subject: Storage | January 5, 2018 - 08:45 PM | Allyn Malventano
Tagged: RS4, RS3, patch, meltdown, KB4056892, cpu, 960 EVO, 900P, 850 EVO
While the Meltdown announcements and patches were in full swing, I was busily testing a round of storage devices to evaluate the potential negative impact of the Meltdown patch. Much of the testing we've seen has come in the form of Linux benchmarks, and today we saw a few come out on the Windows side of things. Most of the published data to date shows a ~20% performance hit to small random accesses, but I've noted that the majority of reviewers seem to be focusing on the Samsung 950/960 series SSDs. Sure these are popular devices, but when evaluating changes to a storage subsystem, it's unwise to just stick with a single type of product.
Test conditions were as follows:
- ASUS Prime Z270-A + 7700K
- C-States disabled, no overclock.
- ASUS MCE disabled, all other clock settings = AUTO.
- Intel Optane 900P 480GB (Intel NVMe driver)
- Samsung 960 EVO 500GB (Samsung NVMe driver)
- Samsung 850 EVO 500GB (Intel RST driver)
- NTFS partition.
- 16GB test file. Sequential conditioning.
- Remainder of SSD sequentially filled to capacity.
The first results come from a clean Windows Redstone 3 install compared to a clean Windows 10 Redstone 4 (build 17063), which is a fast ring build including the Meltdown patch:
The 960 EVO comes in at that same 20% drop seen elsewhere, but check out the 850 EVO's nearly 10% *increase* in performance. The 900P pushes this further, showing an over 15% *increase*. You would figure that a patch that adds latency to API calls would have a noticeable impact on a storage device offering extremely low latencies, but that did not end up being the case in practice.
Since the 960 EVO looked like an outlier here, I also re-tested it using the Microsoft Inbox NVMe driver, as well as by connecting it via the chipset (which uses the Intel RST driver). A similar drop in performance was seen in all configurations.
The second set of results was obtained later, taking our clean RS3 install and updating it to current, which at the time included the Microsoft roll-up 01-2018 package (KB4056892):
Note that the results are similar, though Optane did not see as much of a boost here. It is likely that some specific optimizations have been included in RS4 that are more beneficial to lower latency storage devices.
As a final data point, here's what our tests look like with software polling implemented:
The above test results are using an application method that effectively bypasses the typical interrupt requests associated with file transfers. Note that the differences are significantly reduced once IRQs are removed from the picture. Also note that kernel API calls are still taking place here.
Well there you have it. Some gain and some lose. Given that a far lower latency device (900P) sees zero performance hit (actually gaining speed), I suspect that whatever penalty associated with Meltdown could be easily optimized out via updates to the Windows Inbox and Samsung NVMe drivers.
Subject: General Tech, Graphics Cards | January 5, 2018 - 02:59 PM | Jeremy Hellstrom
Tagged: meltdown, spectre, geforce, quadro, NVS, nvidia, tesla, security
If you were wondering whether NVIDIA products are vulnerable to some of the latest security threats, the answer is yes. Your Shield device or GPU is not vulnerable to CVE-2017-5754, aka Meltdown; however, the two variants of Spectre could theoretically be used against you.
Variant 1 (CVE-2017-5753): Mitigations are provided with the security update included in this bulletin. NVIDIA expects to work together with its ecosystem partners on future updates to further strengthen mitigations.
Variant 2 (CVE-2017-5715): Mitigations are provided with the security update included in this bulletin. NVIDIA expects to work together with its ecosystem partners on future updates to further strengthen mitigations.
Variant 3 (CVE-2017-5754): At this time, NVIDIA has no reason to believe that Shield TV/tablet is vulnerable to this variant.
The Android-based Shield tablet should be updated to Shield Experience 5.4, which should arrive before the end of the month. Your Shield TV, should you actually still have a working one, will receive Shield Experience 6.3 in the same time frame.
The GPU is a little more complex as there are several product lines and OSes which need to be dealt with. There should be a new GeForce driver appearing early next week for gaming GPUs, with HPC cards receiving updates on the dates you can see below.
There is no reason to expect Radeon and Vega GPUs to suffer from these issues at this time. Intel could learn a bit from NVIDIA's response, which has been very quick and includes their older hardware.
Subject: General Tech | January 5, 2018 - 02:22 PM | Jeremy Hellstrom
Tagged: Intel, spectre, meltdown, antivirus, security, KB4056892
Microsoft are now pushing out an update to mitigate some of the security issues that Meltdown takes advantage of, but there is a small problem. KB4056892 may cause your machine to BSoD depending on the anti-virus software you use, so it is not recommended that you install the update manually. Windows Update looks for a registry entry on your machine which indicates that your AV software has updated and is compatible with the patch; so far Symantec, F-Secure, Avast, and Windows Defender have all updated. If you are curious, The Register has posted the key in this story so you can check for yourself whether you are ready to update, and make the change if not.
It is something you should be doing soon, as this is a serious vulnerability which is only somewhat mitigated by the patch but at least this attack will not be successful.
"Microsoft has released updates for Windows to block attempts by hackers and malware to exploit the Meltdown vulnerability in Intel x86-64 processors – but you will want to check your antivirus software before applying the fixes."
Here is some more Tech News from around the web:
- When F00F Bug Hit 20 Years Ago, Intel Reacted the Same Way @ Slashdot
- Quick Facts about Meltdown and Spectre @ [H]ard|OCP
- Samsung topples Intel as semiconductor top dog, but lead 'literally built on sand' @ The Register
- Scaling Raven Ridge with David Kanter: The TR Podcast 191
- Intel facing multiple class-action lawsuits over Meltdown' and 'Spectre' chip flaws @ The Inquirer
- Wine Takes Minor Performance Hit Running Windows Programs On Linux With KPTI @ Phoronix
- HP recalls even more laptop batteries because, you know, fire @ The Inquirer
Subject: Processors | January 4, 2018 - 01:15 PM | Jeremy Hellstrom
Tagged: linux, spectre, meltdown, Intel
As the Linux patch for the Intel kernel issue is somewhat more mature than the Windows patch which was just pushed out, and because the patch may have more impact on hosting solutions than gaming machines, we turn to Phoronix for test results. Their testing overview looks at both Intel and AMD, as the PTI patch can be installed on AMD systems and it is not a bad idea to do so. The results are somewhat encouraging: CPUs with PCID (Process Context ID), such as Sandy Bridge and newer, seem to see little effect from the patch, network performance seems unchanged, and Xeons see far less of an effect across the board than desktop machines. That is not to say there is no impact whatsoever; in synthetic benchmarks which make frequent system calls or depend on optimized access to the kernel they did see slowdowns, but thankfully those workloads are not common for enthusiast software. Expect a lot more results from both Windows and Linux over the coming weeks.
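The PCID point above in working form, as an added example that is not part of the original post or of Phoronix's testing: a POSIX shell script that reads the CPU flags line and the kernel's Meltdown status file (assumed present, as on 4.15-era kernels) and reports whether PTI is active and whether PCID/INVPCID will soften its cost.

```shell
#!/bin/sh
# Added example, not from the page or from Phoronix: report whether a Linux host
# has the Meltdown mitigation (PTI) active and whether its CPU advertises the
# PCID/INVPCID features that let PTI avoid a full TLB flush on every kernel entry.
# Assumes a kernel that exposes /sys/devices/system/cpu/vulnerabilities/ (4.15+).

VULN_FILE=/sys/devices/system/cpu/vulnerabilities/meltdown

# has_cpu_flag "<flags line>" <flag>: succeeds if <flag> is present as a whole
# word in a /proc/cpuinfo "flags" line (so "pcid" does not match "invpcid").
has_cpu_flag() {
    printf '%s\n' "$1" | tr ' ' '\n' | grep -qx -- "$2"
}

# pti_state "<file contents>": classify the sysfs meltdown status string.
pti_state() {
    case "$1" in
        *"Not affected"*)    echo not-affected ;;
        *"Mitigation: PTI"*) echo active ;;
        *Vulnerable*)        echo inactive ;;
        *)                   echo unknown ;;
    esac
}

# pcid_advice "<flags line>": summarise the expected PTI overhead class.
pcid_advice() {
    if has_cpu_flag "$1" invpcid; then
        echo "invpcid: lowest PTI overhead"
    elif has_cpu_flag "$1" pcid; then
        echo "pcid: reduced PTI overhead"
    else
        echo "no pcid: PTI flushes the TLB on every kernel entry"
    fi
}

# Live report for the host this runs on (skipped quietly where files are absent).
if [ -r /proc/cpuinfo ]; then
    flags=$(grep -m1 '^flags' /proc/cpuinfo | cut -d: -f2-)
    echo "CPU features: $(pcid_advice "$flags")"
fi
if [ -r "$VULN_FILE" ]; then
    echo "Meltdown status: $(pti_state "$(cat "$VULN_FILE")")"
else
    echo "Meltdown status: unknown (kernel does not expose $VULN_FILE)"
fi
```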
"2018 has been off to a busy start with all the testing around the Linux x86 PTI (Page Table Isolation) patches for this "Intel CPU bug" that potentially dates back to the Pentium days but has yet to be fully disclosed. Here is the latest."
Here are some more Processor articles from around the web:
- Testing Windows 10 Performance Before and After the Meltdown Flaw Emergency Patch @ TechSpot
- 2nd-Gen Core i7 vs. 8th-Gen Core i7: RIP Sandy Bridge @ Techspot
- Intel Core i7 8700k @ Modders-Inc
- Ryzen Mobile Finally Arrives: AMD Ryzen 5 2500U @ Techspot
- Intel Core i9-7900X 3.3 GHz @ TechPowerUp
- The Best CPUs: This is what you should get @ Techspot
Subject: General Tech | January 4, 2018 - 11:28 AM | Alex Lustenberg
Tagged: Z370, Vega, spectre, msi, meltdown, Koolance, Kaby Lake G, google wifi, cord cutting, apple, Android, 400A-S, podcast
PC Perspective Podcast #482 - 1/04/18
Join us for discussion on Spectre, Meltdown, Cord Cutting, and more!
The URL for the podcast is: http://pcper.com/podcast - Share with your friends!
- iTunes - Subscribe to the podcast directly through the iTunes Store (audio only)
- Google Play - Subscribe to our audio podcast directly through Google Play!
- RSS - Subscribe through your regular RSS reader (audio only)
- MP3 - Direct download link to the MP3 file
Hosts: Ryan Shrout, Jeremy Hellstrom, Josh Walrath, Allyn Malventano
Peanut Gallery: Ken Addison, Alex Lustenberg
Program length: 1:01:54
0:02:15 PCPer Mailbag #24 - 12/29/2017
Week in Review:
0:03:27 Just Picked Up: Google Wifi x4
News items of interest:
0:48:00 The top 20 games of 2017?
Picks of the Week:
Subject: Processors | January 3, 2018 - 08:17 PM | Ryan Shrout
Tagged: Intel, amd, arm, meltdown, spectre, security
The following story was originally posted on ShroutResearch.com.
UPDATE 1 - 8:25pm
Just before the closing bell on Wednesday, Intel released a statement responding to the security issues brought up in this story. While acknowledging that these new security concerns do exist, the company went out of its way to insinuate that AMD, Arm Holdings, and others were at risk. Intel also states that performance impact on patched machines “should not be significant and will be mitigated over time.”
Intel’s statement is at least mostly accurate, though the released report from the Google Project Zero group responsible for finding the security vulnerability goes into much more detail. The security issue concerns a feature called “speculative execution”, in which a processor tries to predict work that will be needed beforehand to speed up processing tasks. The paper details three variants of this particular vulnerability, the first of which applies to Intel, AMD, Arm, and nearly every other modern processor architecture. This variant is easily patched and should have near-zero effect on performance.
The second variant is deeply architecture specific, meaning attackers would need unique code for each different Intel or AMD processor. This example should be exceedingly rare in the wild, and AMD goes as far as to call it a “near-zero” risk for systems.
The third is where things are more complex and where the claim that AMD processors are not susceptible is confirmed. This one is the source of the leaks and information that filtered out and was the subject of the story below. In its statement, AMD makes clear that due to architectural design differences in its products, past and modern processors from its family are not at risk.
The final outlook from this story looks very similar to how it did early on Wednesday though with a couple of added wrinkles. The security report released by Project Zero indicates that most modern hardware is at risk though to different degrees based on the design of the chips themselves. Intel is not alone in this instance, but it does have additional vulnerabilities that other processor designs do not incur. To insinuate otherwise in its public statement is incorrect.
As for performance impact, most of the initial testing and speculation is likely exaggerating how it will change the landscape, if at all. Neither Intel nor AMD see a “doomsday” scenario of regressing computing performance because of this security patch.
At the end of 2017, Intel CEO Brian Krzanich said his company would be going through changes in the New Year, becoming more aggressive, and taking the fight to its competitors in new and existing markets. It seems that BK will have his first opportunity to prove out this new corporate strategy with a looming security issue that affects nearly 10 years of processors.
A recently revealed hardware bug in Intel processors is coming to light as operating system vendors like Microsoft and the Linux community scramble to update platforms to avoid potential security concerns. This bug has been rumored for some time, with updates to core Linux software packages indicating that a severe vulnerability was being fixed, but with comments redacted when published. Security flaws are often kept secret to avoid being exploited by attackers until software patches are available to correct them.
This hardware-level vulnerability allows user-mode applications, those run by general consumers or businesses, to potentially gain access to kernel-level memory space, an area that is handled by the operating system exclusively and can contain sensitive information like passwords, biometrics, and more. An attacker could use this flaw to potentially access other user-mode application data, compromising entire systems with bypass around integrated operating system firewalls.
At a time when Intel is being pressured from many different angles and markets, this vulnerability and hardware bug comes at an incredibly inopportune time. AMD spent its 2017 releasing competitive products in the consumer space with Ryzen and the enterprise space with EPYC. The enterprise markets in particular are at risk for Intel. The EPYC processors already offered performance and pricing advantages, and now AMD can showcase security, as none of its processors are affected by the same vulnerability that Intel is saddled with. Though the enterprise space works in cycles, and AMD won’t see an immediate uptick in sales, I would be surprised if this did not push more cloud providers and large scale server deployments to look at the AMD offerings.
At this point, only the Linux community has publicly discussed the fixes taking place, with initial patches going out earlier this week. Much of the enterprise and cloud ecosystem runs on Linux-based platforms, and securing these systems against attack is a crucial step. Microsoft has yet to comment publicly on what its software updates will look like, when they will be delivered, and what impact they might have on consumer systems.
While hardware and software vulnerabilities are common in today’s connected world, there are two key points that make this situation more significant. First, this is a hardware bug, meaning that it cannot be fixed or addressed completely without Intel making changes to its hardware design, a process that can take months or years to complete. As far as we can tell, this bug will affect ALL Intel processors released in the last decade or more, including enterprise Xeon processors and consumer Core and Pentium offerings. And as Intel has been the dominant market leader in both the enterprise and consumer spaces, there are potentially hundreds of millions of affected systems in the field.
The second differentiating point for this issue is that the software fix could impact the performance of systems. Initial numbers have been claiming as much as a 30% reduction in performance, but those results are likely worst case scenarios. Some early testing of the updated Linux platforms indicate performance could decrease from 6-20% depending on the application. Other testing of consumer workloads including gaming show almost no performance impact. Linux founder and active developer Linus Torvalds claims performance impact would range from nothing to “double-digit slowdowns.”
Even though the true nature of this vulnerability is still held behind non-disclosure agreements, it is unlikely that there will be a double-digit performance reduction on servers at a mass scale when these updates are pushed out. Intel is aware of this vulnerability and has been for some time, and financially it would need to plan for any kind of product replacement or reimbursement campaign it might undertake with partners and customers.