L1TF/Foreshadow News and Benchmarks
-
QEMU 3.0 is now officially available. This big version bump isn't due to some compatibility-breaking changes, but rather to simplify their versioning and begin doing major version bumps on an annual basis. As an added bonus, QEMU 3.0 comes at a time of the project marking its 15th year in existence.
QEMU 3.0 does amount to being a big feature release with a lot of new functionality as well as many improvements. Changes in QEMU 3.0 include Spectre V4 mitigation for x86 Intel/AMD, improved support for nested KVM guests on Microsoft Hyper-V, block device support for active mirroring, improved support for AHCI and SCSI emulation, OpenGL ES support within the SDL front-end, improved latency for user-mode networking, various ARM improvements, some POWER9 / RISC-V / s390 improvements too, and various other new bits.
-
Announced just yesterday in security advisories from Intel, Microsoft and Red Hat, a newly discovered vulnerability affecting Intel processors (and, thus, Linux) called L1TF or “L1 Terminal Fault” is grabbing the attention of Linux users and admins. Exactly what is this vulnerability and who should be worrying about it?
-
Yesterday the latest speculative execution vulnerability was disclosed that was akin to Meltdown and is dubbed the L1 Terminal Fault, or "L1TF" for short. Here are some very early benchmarks of the performance impact of the L1TF mitigation on the Linux virtual machine performance when testing the various levels of mitigation as well as the unpatched system performance prior to this vulnerability coming to light.
-
The second development snapshot of the upcoming Phoronix Test Suite 8.2-Rakkestad to benchmark to your heart's delight on Linux, macOS, Windows, Solaris, and BSD platforms from embedded/SBC systems to cloud and servers.
-
While I haven't posted any new Threadripper 2950X/2990WX benchmarks since the embargo expired on Monday with the Threadripper 2 Linux review and some Windows 10 vs. Linux benchmarks, tests have continued under Linux -- as well as FreeBSD.
I should have my initial BSD vs. Linux findings on Threadripper 2 out later today. There were about 24 hours worth of FreeBSD-based 2990WX tests going well albeit DragonFlyBSD currently bites the gun with my Threadripper 2 test platforms. More on that in the upcoming article as the rest of those tests finish. It's also been a madhouse with simultaneously benchmarking the new Level 1 Terminal Fault (L1TF) vulnerability and the performance impact of those Linux mitigations on Intel hardware will start to be published in the next few hours.
| Mozilla: WebTorrent, Bitslicing, Firefox Security Add-on and Time Dilation
-
WebTorrent is the first torrent client that works in the browser. It’s written completely in JavaScript – the language of the web – and uses WebRTC for true peer-to-peer transport. No browser plugin, extension, or installation is required.
Using open web standards, WebTorrent connects website users together to form a distributed, decentralized browser-to-browser network for efficient file transfer. The more people use a WebTorrent-powered website, the faster and more resilient it becomes.
-
Bitslicing (in software) is an implementation strategy enabling fast, constant-time implementations of cryptographic algorithms immune to cache and timing-related side channel attacks.
This post intends to give a brief overview of the general technique, not requiring much of a cryptographic background. It will demonstrate bitslicing a small S-box, talk about multiplexers, LUTs, Boolean functions, and minimal forms.
-
There is a popular browser add-on which is installed by 222,746 Firefox users according to Mozilla’s own statistics of add-on downloads. According to a German security blogger, Mike Kuketz, and the author of uBlock Origin, Raymond Hill, this particular add-on has been spying on users’ activity by tapping into their browser histories and keeping track of the web pages that they visit. This add-on is the Web Security extension for the Mozilla Firefox browser.
Web Security is designed to protect users from online phishing and malware attacks that could potentially steal personal information. This comes across as ironic as the extension is found to be unethically keeping tabs (pun intended) on your own information, evading your privacy without your consent. The reason that this news is hitting the stands so massively is that the add-on was publicized by Mozilla itself in a blog post just last week. The add-on boasts fantastic reviews and that’s why it is used so widely by so many people too.
-
I riffed on this a bit over at twitter some time ago; this has been sitting in the drafts folder for too long, and it’s incomplete, but I might as well get it out the door. Feel free to suggest additions or corrections if you’re so inclined.
You may have seen this list of latency numbers every programmer should know, and I trust we’ve all seen Grace Hopper’s classic description of a nanosecond at the top of this page, but I thought it might be a bit more accessible to talk about CPU-scale events in human-scale transactional terms. So: if a single CPU cycle on a modern computer was stretched out as long as one of our absurdly tedious human seconds, how long do other computing transactions take?
|
Programming: Go, Agile, and Literature
-
I have been working on a pet project to write a File Indexer, which is a utility that helps me to search a directory for a given word or phrase.
The motivation behind to build this utility was so that we could search the chat log files for dgplug. We have a lot of online classes and guest session and at time we just remember the name or a phrase used in the class, backtracking the files using these are not possible as of now. I thought I will give stab at this problem and since I am trying to learn golang I implemented my solution in it. I implemented this solution over a span of two weeks where I spent time to upskill on certain aspects and also to come up with a clean solution.
-
What are the best ways for governments to improve effectiveness and efficiency? At San Jose City Hall, we’re getting traction with an unconventional approach: agile for non-technical teams. Public servants who do everything from emergency management to parks programs are finding that Agile methods help them with that most basic of challenges: Getting things done amid frequent interruptions and evolving priorities.
Last September, I proclaimed, "Scrum is the best thing that’s happened to our government team." Our innovation team of five had discovered that planning and delivering work in small increments enables us to stay focused, aligned, and continuously improving. We didn’t yet know if our experience would be replicable by other teams in our organization. We offered Agile training for 10 colleagues to see what would happen.
Nine months later, 12 teams and more than 100 staff members throughout our organization are using Agile methods to organize their work. Notably, the spread of Agile among city teams has been largely organic, not driven by top-down mandates.
-
Without question, Linux was created by brilliant programmers who employed good computer science knowledge. Let the Linux programmers whose names you know share the books that got them started and the technology references they recommend for today's developers. How many of them have you read?
[...]
Linux was developed in the 1990s, as were other fundamental open source applications. As a result, the tools and languages the developers used reflected the times, which meant a lot of C programming language. While C is no longer as popular, for many established developers it was their first serious language, which is reflected in their choice of influential books.
“You shouldn't start programming with the languages I started with or the way I did,” says Torvalds. He started with BASIC, moved on to machine code (“not even assembly language, actual ‘just numbers’ machine code,” he explains), then assembly language and C.
“None of those languages are what anybody should begin with anymore,” Torvalds says. “Some of them make no sense at all today (BASIC and machine code). And while C is still a major language, I don't think you should begin with it.”
It's not that he dislikes C. After all, Linux is written in GNU C. "I still think C is a great language with a pretty simple syntax and is very good for many things,” he says. But the effort to get started with it is much too high for it to be a good beginner language by today's standards. “I suspect you'd just get frustrated. Going from your first ‘Hello World’ program to something you might actually use is just too big of a step."
| Railway computer runs Linux on Kaby Lake
Lanner’s rugged, Linux-friendly “R6S” railway computer runs on an Intel 7th Gen Core i7-7600U chip and offers 10x M12 PoE ports, 3x mini-PCIe slots, and EN 50155 and EN 45545 certification.
The R6S uses the same dual-core, Kaby Lake Core i7-7600U CPU as Lanner’s recent V6S vehicle surveillance NVR computer and similarly offers 10x GbE ports with Power-over-Ethernet (PoE). Yet, the R6S is more specifically targeted at trains. It offers compliance with ISO 7637-2, EN 50155, and EN 45545 certifications, and has passed EN 61373/MIL-STD-810G shock and vibration resistance certifications. It also supports a wider set of applications, including “rolling stock control and monitoring, infotainment, video surveillance and fleet management.”
|
Content (where original) is available under CC-BY-SA, copyrighted by original author/s.
Recent comments
1 hour 14 min ago
1 hour 17 min ago
21 hours 2 min ago
1 day 1 hour ago
1 day 14 hours ago
1 day 18 hours ago
1 day 19 hours ago
2 days 14 hours ago
2 days 19 hours ago
2 days 23 hours ago