Microsoft Rolling Out Retpoline Optimizations Update to Reduce Performance Impact of Spectre 2 Mitigations

Subject: General Tech | March 4, 2019 - 08:12 PM |
Tagged: windows update, spectre, security, retpoline, microsoft, meltdown, cve-2017-5715

Microsoft recently detailed its testing of the retpoline optimizations present in Windows Insider Preview builds of its Windows 10 operating system (18272 and newer). It has announced that, starting with Microsoft Update KB4482887 on March 1st, it will roll out and enable the Google-developed Retpoline performance optimizations, which reduce the performance impact of the security mitigations put in place to combat Spectre Variant 2 (CVE-2017-5715). Users running 64-bit versions of Windows 10 Build 1809 and newer will have the Retpoline optimizations installed with KB4482887 and other updates, and turned on via cloud configuration in a phased rollout.

noretpolineforme.jpg

No retpoline fixups for me, at least not until Microsoft Update stops failing to install a newer build (heh). It may be time to nuke it from orbit and start fresh! If you get this error on a supported build, you may have to run this PowerShell script from the Microsoft Support website to get it to work, though when I tried I was not able to get PS to import the module...

As a refresher, Spectre Variant 2 is a security vulnerability related to speculative execution that requires CPU microcode as well as OS kernel updates to mitigate. Red Hat summarizes CVE-2017-5715 as “an indirect branching poisoning attack that can lead to data leakage. This attack allows for a virtualized guest to read memory from the host system.” Microsoft further clarifies:

“At a high level, the Spectre variant 2 attack exploits indirect branches to steal secrets located in higher privilege contexts (e.g. kernel-mode vs user-mode). Indirect branches are instructions where the target of the branch is not contained in the instruction itself, such as when the destination address is stored in a CPU register.”

Unfortunately, while Spectre Variant 1 could be patched at the OS kernel level, Spectre Variant 2 required processor microcode updates (or new hardware with different speculative execution methods), and the patches, while necessary to improve security and mitigate potential attacks, have an impact on performance. Last year, Google began work on “retpoline” to attempt to reduce the performance impact that these security measures have on systems. Retpoline ended up being much faster than IBRS (indirect branch restricted speculation), which is the default behavior post-mitigations, but it is still slower than regular indirect calls / jumps (pre-mitigations).

According to Microsoft, retpoline replaces all indirect calls or jumps in kernel-mode binaries with indirect branch sequences that have safe speculation behavior. Retpoline applies to all AMD processors as well as Intel Broadwell and older architecture-based chips, where the CPU RET (return from procedure) instructions do not speculate based on the contents of indirect call branch prediction. The retpoline methods allow for safe control transfers to target addresses by performing a function call, modifying the return address, and then returning.

The optimizations are traditionally done at compile time, with indirect calls being replaced with retpoline sequences. Microsoft stated that due to its need for legacy support and third-party driver code, such a compile-time optimization was simply not practical. Instead, Microsoft performs the retpoline optimizations at runtime. It extended the DVRT (Dynamic Value Relocation Table) format and NT Memory Manager to support the new retpoline metadata that can be added to the DVRT without breaking backwards compatibility. Speaking of backwards compatibility, the Redmond-based software giant plans to continue shipping Windows 10 as-is in a non-retpoline state to maintain wider compatibility and software support. Drivers and software that do support retpoline will be able to take advantage of the optimizations, however.

“As mentioned earlier, the Windows implementation needs to support mixed environments in which some drivers are not compiled with retpoline support. This means that we cannot simply replace every indirect call with a retpoline sequence like the example shown in the introduction. We need to ensure that the kernel gets the opportunity to inspect the target of the call or jump so that it can apply appropriate mitigations if the target does not support retpoline.” - Mehmet_Iyigun, Microsoft

DVRT metadata can store retpoline data for import calls/jumps, switchable jumps, and generic indirect calls/jumps, and then the extended NT Memory Manager infrastructure is used to understand that metadata and apply fixups / retpoline optimizations where applicable.

What does all this mean for performance, though? According to Microsoft's internal testing, the company saw approximately 25% faster Microsoft Office application startup times and a 1.5 to 2-times increase in storage and networking performance, which is a notable improvement post-Spectre 2 patches. They also claimed that the performance impact has been "reduced to noise level for most situations." If you are running Windows Insider Preview 18272 or later on supporting hardware, the retpoline optimizations should already be turned on for you (you can double check with the PowerShell cmdlet Get-SpeculationControlSettings), and if you are running Windows 10 1809 or later, the optimizations will be enabled within the first half of this year in a phased rollout.
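The check mentioned above, turned into a verdict, as an added example that is not from Microsoft or from this article. It assumes the SpeculationControl module is already installed and that its output object carries the BTIKernelRetpolineEnabled and BTIKernelImportOptimizationEnabled properties (names taken from the module's output, not from this page); the function name Get-RetpolineStatus is hypothetical, and 17763 is the build number of Windows 10 1809.

```powershell
# Added example: summarize whether the kernel retpoline optimizations are active.
# Assumes the SpeculationControl module (provides Get-SpeculationControlSettings)
# is installed. Get-RetpolineStatus is a hypothetical helper name.
function Get-RetpolineStatus {
    [CmdletBinding()]
    param()

    if (-not (Get-Module -ListAvailable -Name SpeculationControl)) {
        throw 'SpeculationControl module not found; install it before running this check.'
    }
    Import-Module SpeculationControl -ErrorAction Stop

    # The cmdlet prints a readable report and also returns an object; keep the object.
    $s = Get-SpeculationControlSettings

    # Older module versions do not report the retpoline fields at all, so test for
    # the property instead of treating "missing" as "disabled".
    $names = $s.PSObject.Properties.Name
    $hasRetpolineFields = $names -contains 'BTIKernelRetpolineEnabled'
    $hasImportOptField  = $names -contains 'BTIKernelImportOptimizationEnabled'

    # Windows 10 1809 is build 17763; the rollout targets 1809 and newer.
    $build = [System.Environment]::OSVersion.Version.Build

    $verdict = if (-not $s.BTIWindowsSupportEnabled) {
        'Spectre v2 mitigation is not enabled; retpoline does not apply'
    } elseif (-not $hasRetpolineFields) {
        'Unknown: this SpeculationControl version does not report retpoline'
    } elseif ($s.BTIKernelRetpolineEnabled) {
        'Retpoline is active for kernel-mode indirect branches'
    } elseif ($build -lt 17763) {
        'Mitigated without retpoline; this build predates the 1809 rollout'
    } else {
        'Mitigated without retpoline (IBRS path); rollout not applied or CPU not eligible'
    }

    [pscustomobject]@{
        OsBuild                   = $build
        MitigationEnabled         = [bool]$s.BTIWindowsSupportEnabled
        RetpolineEnabled          = if ($hasRetpolineFields) { [bool]$s.BTIKernelRetpolineEnabled } else { $null }
        ImportOptimizationEnabled = if ($hasImportOptField) { [bool]$s.BTIKernelImportOptimizationEnabled } else { $null }
        Verdict                   = $verdict
    }
}

Get-RetpolineStatus | Format-List
```

Run it from an elevated PowerShell session on the machine being checked; a null RetpolineEnabled means the installed module is too old to say either way.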

Until we get new processors that are not affected by the various speculative execution attacks (which could be difficult if not impossible to totally eliminate just due to the nature of how those performance tricks work), optimizations like retpoline to reduce the performance impact of patches that improved security but limited full potential chip performance may well be our best bet.

Are you running one of the Windows Insider builds with retpoline enabled and noticed any increased application performance? You can check out Microsoft’s blog post with all the juicy programming details here. You can find the KB4482887 update information page here.

Source: Microsoft

Holla Holla for the HoloLens 2

Subject: General Tech | March 1, 2019 - 02:31 PM |
Tagged: hololens 2, microsoft, AR

The new HoloLens will set you back $3500, so the chances are slim you will convince your boss to buy one, and as it is an AR device to help with work you are not likely to pick one up for your home. That does not make it any less interesting; using the headset, a reporter from The Inquirer was assisted through safely replacing a worn belt of a mock landing gear part, which is apparently no small feat for the untrained. It isn't suggested you use it to Skype your surgeon to assist in performing random appendectomies, but perhaps your surgeon could be helped by a specialist from a far off location.

Check out the new carbon fibre design and initial thoughts, as you probably won't get hands on this anytime soon.

"Packing a head-mounted display with all the processing power needed in the headset and the ability to mess with holograms superimposed over the real-world was undeniably a little taste of future tech sci-fi promised."

Source: The Inquirer

The Return of the IntelliMouse, now playing at a theatre far far away

Subject: General Tech | February 22, 2019 - 04:32 PM |
Tagged: Pro IntelliMouse, PAW3389PRO-MS, microsoft, input

Logitech's MX518 isn't the only classic mouse which was beloved by many users; Microsoft's IntelliMouse was a standard for a long time, and just like the MX518 it is coming back on the market. The new mouse uses a custom PixArt sensor called the PAW3389PRO-MS, which TechPowerUp found to be identical in performance to the more common PMW3389. It also has shiny RGB buttocks for those that are into that sort of thing.

There is one small problem, however: it will only be released overseas, so if you want one you might want to contact Microsoft!

"Behold! The one true heir to the Microsoft IntelliMouse Explorer 3.0 has arrived: the Pro IntelliMouse. It has the exact same shape as its predecessor, which is great news for many people who loved the original. It features a top optical sensor, Omron switches rated for 20 million clicks, and an RGB tail light."

Source: TechPowerUp

Skip Ahead? Skip Way Ahead. Windows 10 20H1 Test Build

Subject: General Tech | February 14, 2019 - 03:23 PM |
Tagged: microsoft, windows 10

Microsoft has pushed a test build for Windows 10 20H1, which is scheduled to be publicly released around April 2020. For context, we are currently on Windows 10 18H2 and Windows 10 19H1 is expected to ship in a couple of months (~April 2019).

Microsoft still plans on shipping Windows 10 19H2 around October 2019.

This decision was met with snark from some of the more prominent reporters on Microsoft and Windows. One issue that was raised is how the rings will be handled going forward. Currently, there does not exist a branch that contains 19H2. It seems likely that “Skip Ahead” will never drop back to 19H2, especially since rolling back from a preview build is generally unsupported. Will Microsoft continue to have “Skip Ahead” be two builds out, “Fast” be one build out, “Slow” be at most one build out, and “Release Preview” be incremental on the current build? Or will “Skip Ahead” kind-of roll back to “Fast” once the latter catches up and they no longer need to have a feature that requires an abnormally long testing branch?

As for the changes? Not a whole lot. One that stands out is a seemingly innocuous “updating the name of the Windows Light them to be Windows (light)”. This sort-of suggests themes that will not be Windows. I could see some sort of interface or theming update taking an abnormally long time… although I somewhat doubt that is the mystery big feature.

On the other hand, it must be something that Microsoft wants actively tested. Whether that’s automated (via telemetry on a wide array of computers) or through direct feedback from their users will need to be seen.

Source: Microsoft

Unreal Engine 4.22 Preview 1 Published: Initial DXR Support

Subject: Graphics Cards | February 12, 2019 - 03:56 PM |
Tagged: pc gaming, ue4, epic games, dxr, DirectX 12, microsoft

The upcoming version of Unreal Engine, 4.22, will include several new features.

The most interesting addition for our audience is probably “Early Access” support for DirectX 12 Raytracing (DXR) on DirectX 12. This includes the low-level framework to cast and evaluate rays in shaders (although they don’t clarify whether that means written shaders, nodes for graph-based shaders, or both) as well as higher-level features that use DXR, such as area lights, soft shadows, and reflections. They have also added a denoiser for shadows, reflections, and ambient occlusion, which will improve image quality with lower sample counts.

If you remember NVIDIA’s RTX announcement, many of their first-party demos were built using Unreal Engine 4. This includes the Star Wars demo with the two Stormtroopers putting their feet in their mouths on an elevator with their boss. It makes sense that Epic would be relatively far along in RTX support, especially just before GDC.

A few other additions include Visual Studio 2019 support (although Visual Studio 2017 is still the default). The new Unreal Audio Engine is now enabled by default for new projects, which was a complete re-write of the original system that started a few years ago. The old audio system was a bit of a mess, and, worse, varied from platform to platform.

Unreal Engine 4.22 also (experimentally) opts-in to the much longer file and path names that were introduced with the Windows 10 Anniversary Update. The previous limit was 260 characters for a full path, which was defined as MAX_PATH in Win32. I’m not sure what the new limit is, but I think it’s 32,767 characters after expansion. I could be wrong, though.

If you have the Epic Launcher installed, whether it’s for Unreal Engine, Fortnite, something from the Epic Store, Unreal Tournament 4, or whatever, then you can check out Unreal Engine 4.22 for free. (Royalties apply under certain circumstances… but, at that point, you are making money off of it.)

Source: Epic Games

Dey turk er jurbs! Microsoft is now mocking itself?

Subject: General Tech | February 8, 2019 - 01:11 PM |
Tagged: Internet Explorer 11, office 2019, office 359, office 365, microsoft

Microsoft recently released Office 2019, along with a series of videos about why you shouldn't buy it, one of which you can see at Ars Technica if you don't want to watch them all. It does make sense financially, as you will pay for Office 359 forever while Office 2019 is a one time purchase, but mocking your own product is a bold move.

That is not the only self inflicted mockery coming from Redmond today, as they now refer to IE 11 as "a compatibility solution" and not a web browser. Their other browser, the one you use to install Chrome, will soon be Chromium based, which the competition seems to approve of.

Considering how hard Microsoft fought to ensure IE remained an integral part of Windows, this seems a major sea change for the company.

"In an unusual turn of events, Microsoft this week warned Windows users off from using its Internet Explorer and dissed its new Office 2019 suite in a series of videos that show it to be worse than the competition."

Source: Ars Technica

Skype adds an AI powered f stop-ish feature

Subject: General Tech | February 7, 2019 - 01:54 PM |
Tagged: microsoft, skype, Skype 8

If you liked the look of Sebastian's video on the Podcast, but lack the funds to order the camera he was using that let him adjust the aperture for that effect then Microsoft has good news for you.  They are bringing the AI powered background blurring effect they rolled out in Teams to Skype 8, which will be arriving the same time as the desktop version we are used to kicks the bucket.  While the move to UWP has not been well received by many, perhaps this indicates Microsoft will be focusing on improving the single remaining version of Skype.

The Inquirer reminds you why blurring your background can be a good idea, if you had forgotten about this video.

"Said release is Skype version 8, the first to exclusively use the Universal Windows (tiled) standard at the expense of the more feature-rich desktop version, though Microsoft has confirmed that it will be adding more familiar features to the new edition."

Source: The Inquirer

Like using Skype? Microsoft is going to fix that for you

Subject: General Tech | February 1, 2019 - 04:14 PM |
Tagged: skype, microsoft, uwp

Once again Microsoft is planning to forcibly move you to the new Skype without giving you an option other than going to the competition.  For those on Windows 10, this will mean the UWP version which is pretty much incapable of calling anything other than other Windows 10 machines, and not well even then.  For those with business machines that block the Microsoft store and who haven't downgraded to Skype For Business, this means you had better start shopping around for other solutions. 

As The Inquirer has seen themselves, if you are using Skype Classic you will now be offered the choice to either upgrade or exit the application.

"Users have been railing against the move since it was first announced, as Skype 8 has been beset by problems, many linked to the fact that it will see Windows 10 users forced to use a UWP (Microsoft Store) version of the app, which has historically not worked very well - a point we've made many times."

Source: The Inquirer

Satya Nadella spotted heading into the woods with a shovel and dufflebag

Subject: General Tech | January 18, 2019 - 01:12 PM |
Tagged: microsoft, windows phone, ios, Android, cortana, Alexa

It has been an interesting week to be Microsoft, as they have had to suggest to their user base that they might be better off moving to a competitor's product. Sebastian has already informed you about the fact that Cortana and Windows Search are going through a somewhat amicable divorce, but today we find Satya Nadella suggesting that Cortana will become an optional skill which you can choose for Alexa or Google Assistant, if you don't see any better perks for that level. Apparently they will also "be again completely consumer businesses" by offering consumers the same licensing scheme as they forced upon enterprise businesses, about which many have expressed strong feelings since it was introduced.

What must really burn is their admission that Windows 10 Mobile is indeed as dead as the proverbial parrot, which has forced them to suggest that current users move to a different device, as Microsoft will no longer even offer token support for that OS after the end of the year. People paying attention to this may remember that the last major update to the OS was pushed in 2017.

"Microsoft's guidance for customers is to "move to a supported Android or iOS device" and use the range of Microsoft applications on one of those platforms instead."

Source: Ars Technica

Microsoft Separates Cortana and Search in Latest Insider Build

Subject: General Tech | January 16, 2019 - 06:08 PM |
Tagged: windows insider, windows 10, search, microsoft, cortana, build 18317

In their announcement of the latest Windows 10 insider preview build (18317) Microsoft has revealed their separation of Cortana from Search. The news was posted on the Windows Blogs site this morning:

Search_Cortana_Separation.png

Yes, this is Microsoft's official graphic from the announcement

"Going forward, we’ll be decoupling Search and Cortana in the taskbar. This will enable each experience to innovate independently to best serve their target audiences and use cases. Some Insiders have had this update for a few weeks now, and we appreciate all the feedback we’ve received about it so far! For those new to this update, when it rolls out to you, you’ll find clicking the search box in the taskbar now launches our experience focused on giving you the best in house search experience and clicking the Cortana icon will launch you straight into our voice-first digital assistant experience.

Other available Search and Cortana settings have also now been split between the two, along with the familiar group policies."

Whether or not this change means that Cortana can be removed entirely without removing Search remains to be seen, though the known processes for completely disabling/removing Cortana are currently more involved than just unchecking a box in settings, to say the least.

Source: Microsoft