Language Selection

English French German Italian Portuguese Spanish

Security: Updates, AMD, Intel, IBM/Power, Blender 3D, CES and More

Filed under
Security
  • Security updates for Friday
  • AMD processors: Not as safe as you might have thought

    In a posting. Mark Papermaster, AMD's CTO, admitted Google Project Zero (GPZ) Variant 1 (Bounds Check Bypass or Spectre) is applicable to AMD processors. But, Papermaster wrote, "We believe this threat can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue."

  •  

  • AMD CPUs Are Potentially Vulnerable To Spectre / Variant 2

    Last week in light of the Spectre disclosure. AMD believed they were at "near zero risk" to Variant Two / Branch Target Injection. But now the company confirmed last night that's not the case: they are at least potentially vulnerable.

  • AMD Confirms Its Chips Are Affected By Spectre Flaw, Starts Pushing Security Patches
  • Intel Releases Linux CPU Microcodes To fix Meltdown & Spectre Bugs

    On January 8th Intel released new Linux Processor microcode data files that can be used to mitigate the Spectre and and Meltdown vulnerabilities in Intel CPUs. Using microcode files, an operating system can fix known bugs in Intel CPU without having to perform a BIOS update on the computer.

  • Power Systems And The Spectre And Meltdown Threats

    Speculative execution is something that has been part of modern processors for well over a decade, and while it is hard to quantify how much of a performance benefit this collection of techniques have delivered, it is obviously significant enough that all CPUs, including IBM Power and System z chips, have them. And that, as the new Spectre and Meltdown security holes that were announced by Google on January 3 show, turns out to be a big problem.

    Without getting too deep into the technical details, there are many different ways to implement speculative execution, which is used to keep the many instruction pipelines and layers of cache in a processor busy doing what is hoped will be useful work. So much of what a computer does is an IF-THEN-ELSE kind of branch, and being able to pre-calculate the answers to multiple possible branches in an instruction stream is more efficient than following each path independently and calculating the answers in series. The speculative part of the execution involves using statistics to analyze patterns in data and instructions underneath an application and guessing which branches and data will be needed. If you guess right a lot of the time, then the CPU does a lot more work than it might otherwise. There are no modern processors (except for the PowerPC A2 chips used in the BlueGene/Q supercomputers from IBM) that we can find that don’t have speculative execution in some form or another, and there is no easy way to quantify how much of a performance boost it gives.

  • Blender 3D open source platform plagued with arbitrary code vulnerabilities

    Cisco Talos researchers identified multiple unpatched vulnerabilities in the Blender Open Source 3D creation suite that could allow an attacker to run arbitrary code.

  • Technologies That Secure the Home, WiFi and More Debut at CES 2018
  • What is the Future of Wi-Fi?
  • Spectre and Meltdown Attacks Against Microprocessors

    This is bad, but expect it more and more. Several trends are converging in a way that makes our current system of patching security vulnerabilities harder to implement.

  • Four Tips for a More Secure Website

    Security is a hot topic in web development with great reason. Every few months a major website is cracked and millions of user records are leaked. Many times the cause of a breach is from a simple vulnerability that has been overlooked. Here are a few tips to give you a quick overview of standard techniques for making your websites more secure. Note: I do not guarantee a secure website if you follow these suggestions, there are many facets to security that I don’t even touch in this article. This write-up is for increasing awareness about techniques used to correct some common vulnerabilities that appear in web applications.

  • What is DevSecOps? Developing more secure applications

    The simple premise of DevSecOps is that everyone in the software development life cycle is responsible for security, in essence bringing operations and development together with security functions. DevSecOps aims to embed security in every part of the development process. It is about trying to automate core security tasks by embedding security controls and processes early in the DevOps workflow (rather than being bolted on at the end). For example, this could be the case when migrating to microservices, building out a CI/CD pipeline, compliance automation or simply testing cloud infrastructure.

More in Tux Machines

BSD: FreeBSD 12.0 Beta and Upgrading OpenBSD with Ansible

Graphics: XRGEARS and Arcan's Latest

  • XRGEARS: Infamous "Gears" Now On VR Headsets With OpenHMD, Vulkan
    Well, the virtual reality (VR) demo scene is now complete with having glxgears-inspired gears and Utah teapot rendering on VR head mounted displays with the new XRGEARS. Kidding aside about the gears and teapot, XRGEARS is a nifty new open-source project with real value by Collabora developer Lubosz Sarnecki. XRGEARS is a standalone VR demo application built using the OpenHMD initiative for tracking and Vulkan for rendering. XRGEARS supports both Wayland and X11 environments or even running off KMS itself. This code also makes use of VK_EXT_direct_mode_display with DRM leasing.
  • Arcan versus Xorg – Approaching Feature Parity
    This is the first article out of three in a series where I will go through what I consider to be the relevant Xorg feature set, and compare it, point by point, to how the corresponding solution or category works in Arcan. This article will solely focus on the Display Server set of features and how they relate to Xorg features, The second article will cover the features that are currently missing (e.g. network transparency) when they have been accounted for. The third article will cover the features that are already present in Arcan (and there are quite a few of those) but does not exist in Xorg.
  • Arcan Display Server Is Nearing Feature Parity With The X.Org Server
    The Arcan display server, which started off years ago sounding like a novelty with being a display server built off a game engine in part and other interesting features, is nearing feature parity with the X.Org Server. While most hobbyist display server projects have failed, Arcan has continued advancing and with an interesting feature set. Recently they have even been working on a virtual reality desktop and an interesting desktop in general. Arcan is getting close to being able to offering the same functionality as a traditional X.Org Server. If you are interested in a lengthy technical read about the differences between Arcan and X.Org, the Arcan developers themselves did some comparing and contrasting when it comes to the display support, windowing, input, font management, synchronization, and other areas.

CoC/Systemd Supremacy Over Linux Kernel

  • New Linux Code of Conduct Revisions: CoC Committee Added Plus Interpretation & Mediator
    The Linux Code of Conduct introduced last month that ended up being quite contentious will see some revisions just ahead of the Linux 4.19 stable kernel release. Greg Kroah-Hartman has outlined the planned changes as well as a new Code of Conduct Interpretation document. In the weeks since the Linux kernel CoC was merged, various patches were proposed but none merged yet. It turns out Greg KH was working in private with various kernel maintainers/developers on addressing their feedback and trying to come up with solutions to the contentious issues in private.
  • Some kernel code-of-conduct refinements
    Greg Kroah-Hartman has posted a series of patches making some changes around the newly adopted code of conduct. In particular, it adds a new document describing how the code is to be interpreted in the kernel community.
  • Systemd Adds Feature To Fallback Automatically To Older Kernels On Failure
    Systemd's latest feature is the concept of "boot counting" that will track kernel boot attempts and failures as part of an automatic boot assessment. Ultimately this is to provide automatic fallback to older kernels should a newer kernel be consistently failing. The feature was crafted over the past few months by Lennart Poettering himself to provide a way when making use of systemd-boot on UEFI systems it can automatically fallback to an older kernel if a newer kernel is consistently causing problems. This is treated as an add-on to the Boot Loader Specification. The systemd boot assessment is designed that it could also be used by non-UEFI systems and other boot platforms.

ODROID 'Hacker Board'

  • ODROID Rolling Out New Intel-Powered Single Board Computer After Trying With Ryzen
    While ODROID is most known for their various ARM single board computers (SBCs), some of which offer impressive specs, they have dabbled in x86 SBCs and on Friday announced the Intel-powered ODROID-H2. In the announcement they mentioned as well they were exploring an AMD Ryzen 5 2500U powered SBC computer, which offered fast performance but the price ended up being prohibitive. After the falling out with Ryzen over those cost concerns, they decided to go ahead with an Intel Geminilake SoC. Geminilake is slower than their proposed Ryzen board, but the price was reasonable and it ends up still being much faster than ODROID's earlier Apollolake SBC.
  • Odroid-H2 is world’s first Gemini Lake hacker board
    Hardkernel unveiled the Odroid-H2, the first hacker board with an Intel Gemini Lake SoC. The Ubuntu 18.10 driven SBC ships with 2x SATA 3.0, 2x GbE, HDMI and DP, 4x USB, and an M.2 slot for NVMe. When the Odroid-H2 goes on sale in November at a price that will be “higher than $100,” Hardkernel will join a small group of vendors that have launched a community backed x86-based SBC. This first open spec hacker board built around Intel’s new Gemini Lake SoC — and one of the first Gemini Lake SBCs of any kind — follows earlier Arm-based Odroid winners such as the Odroid-C2 Raspberry Pi pseudo clone and the octa-core Odroid-XU4.