Will Arm/Atom CPUs Replace Xeon/Opteron?

Analyst are saying that smartphone chips could one day replace the Xeon and Opteron processors used in most of the world’s top supercomputers. In a paper in a paper titled “Are mobile processors ready for HPC?” researchers at the Barcelona Supercomputing Center wrote that less expensive chips bumping out faster but higher-priced processors in high-performance systems.

In 1993, the list of the world’s fastest supercomputers, known as the Top500, was dominated by systems based on vector processors. They were nudged out by less expensive RISC processors. RISC chips were eventually replaced by cheaper commodity processors like Intel’s Xeon and AMD Opteron and now mobile chips are likely to take over.

The transitions had a common thread, the researchers wrote: Microprocessors killed the vector supercomputers because they were “significantly cheaper and greener,” the report said. At the moment low-power chips based on designs ARM fit the bill, but Intel is likely to catch up so it is not likely to mean the death of x86.

The report compared Samsung’s 1.7GHz dual-core Exynos 5250, Nvidia’s 1.3GHz quad-core Tegra 3 and Intel’s 2.4GHz quad-core Core i7-2760QM – which is a desktop chip, rather than a server chip. The researchers said they found that ARM processors were more power-efficient on single-core performance than the Intel processor, and that ARM chips can scale effectively in HPC environments. On a multi-core basis, the ARM chips were as efficient as Intel x86 chips at the same clock frequency, but Intel was more efficient at the highest performance level, the researchers said.

Source

Twitter’s Authentication Has Vulnerabilities

Twitter’s SMS-based, two-factor authentication feature could be abused to lock users who have not enabled it for their accounts if attackers gain access to their log-in credentials, according to researchers from Finnish antivirus vendor F-Secure.

Twitter introduced two-factor authentication last week as an optional security feature in order to make it harder for attackers to hijack users’ accounts even if they manage to steal their usernames and passwords. If enabled, the feature introduces a second authentication factor in the form of secret codes sent via SMS.

According to Sean Sullivan, a security advisor at F-Secure, attackers could actually abuse this feature in order to prolong their unauthorized access to those accounts that don’t have two-factor authentication enabled. The researcher first described the issue Friday in a blog post.

An attacker who steals someone’s log-in credentials, via phishing or some other method, could associate a prepaid phone number with that person’s account and then turn on two-factor authentication, Sullivan said Monday. If that happens, the real owner won’t be able to recover the account by simply performing a password reset, and will have to contact Twitter support, he said.

This is possible because Twitter doesn’t use any additional method to verify that whoever has access to an account via Twitter’s website is also authorized to enable two-factor authentication.

When the two-factor authentication option called “Account Security” is first enabled on the account settings page, the site asks users if they successfully received a test message sent to their phone. Users can simply click “yes,” even if they didn’t receive the message, Sullivan said.

Instead, Twitter should send a confirmation link to the email address associated with the account for the account owner to click in order to confirm that two-factor authentication should be enabled, Sullivan said.

As it is, the researcher is concerned that this feature could be abused by determined attackers like the Syrian Electronic Army, a hacker group that recently hijacked the Twitter accounts of several news organizations, in order to prolong their unauthorized access to compromised accounts.

Some security researchers already expressed their belief that Twitter’s two-factor authentication feature in its current implementation is impractical for news organizations and companies with geographically dispersed social media teams, where different employees have access to the same Twitter account and cannot share a single phone number for authentication.

Twitter did not immediately respond to a request for comment regarding the issue described by Sullivan.

Source

Google Updates It’s SSL Certificate

Google has announced plans to upgrade its Secure Sockets Layer (SSL) certificates to 2048-bit keys by the end of 2013 to strengthen its SSL implementation.

Announcing the news on a blog post today, Google’s director of information security engineering Stephen McHenry said it will begin switching to the new 2048-bit certificates on 1 August to ensure adequate time for a careful rollout before the end of the year.

“We’re also going to change the root certificate that signs all of our SSL certificates because it has a 1024-bit key,” McHenry said.

“Most client software won’t have any problems with either of these changes, but we know that some configurations will require some extra steps to avoid complications. This is more often true of client software embedded in devices such as certain types of phones, printers, set-top boxes, gaming consoles, and cameras.”

McHenry advised that for a smooth upgrade, client software that makes SSL connections to Google, for example, HTTPS must: “perform normal validation of the certificate chain; include a properly extensive set of root certificates contained […]; and support Subject Alternative Names (SANs)”.

He also recommended that clients support the Server Name Indication (SNI) extension because they might need to make an extra API call to set the hostname on an SSL connection.

He pointed out some of the problems that the change might trigger, and pointed to a FAQ addressing certificate changes, as well as instructions for developers on how to adapt to certificate changes.

F-secure’s security researcher Sean Sullivan advised, “By updating its SSL standards, Google will make it easier to spot forged certificates.

“Certificate authorities have been abused and/or hacked in the past. I imagine it will be more difficult to forge one of these upgraded certs. Therefore, users can have more confidence.”

Source

Is This A Mobile First World?

Judging from the number of people engrossed in activities with their smartphones on the sidewalk, in their cars and in public places, mobile seems to have stolen our attention away from the wired Internet and traditional TV.

However, there is a ways to go before mobile platforms become the primary place where consumers turn for entertainment and getting things done, players at  CTIA Wireless trade show said.

Nokia Siemens Networks announced new capabilities in its network software to make video streams run more smoothly over mobile networks. Among other things, the enhancements can reduce video stalling by 90 percent, according to the company. But even Sandro Tavares, head of marketing for NSN’s Mobile Core business, sees “mobile-first” viewing habits as part of the future.

“Now that the networks are providing a better capacity, a better experience with mobile broadband, mobile-first will come,” Tavares said. “Because the experiences they have with the devices are so good, these devices … start to be their preferred screen, their first screen.

“This is a trend, and this is something that will not change,” Tavares said. But he thinks it’s too early to build networks assuming consumers will turn to tablets and phones as their primary sources of entertainment. “Do you have to be prepared for mobile-first now? Probably not. You have to be able to keep the pace.”

For AT&T, mobile-first is a top priority for its own internal apps, ensuring employees can do their jobs wherever they are, said Kris Rinne, the carrier’s senior vice president of network technologies. But to make it possible over the network, a range of new technologies and relationships may have to come together, she said.

For example, giving the best possible performance for streaming video and other uses of mobile may require steering traffic to the right network if both cellular and Wi-Fi are available. AT&T is developing an “intelligent network selection” capability to do this, Rinne said. When AT&T starts to deliver voice over LTE, it will stay on the cellular network — at least in the early days — because the carrier has more control over quality of service on that system, she said.

Other issues raised by mobile-first include security of packets going over the air and rights for content that subscribers are consuming primarily on mobile devices instead of through TV and other traditional channels, Rinne said.

Source

Should Investors Dump AMD?

If you have any old AMD shares lying around you might like to sell them as fast as you can, according to the bean counters at Goldman Sachs.

Despite the fact that the company is doing rather well, and its share price is has gone up rapidly over recent months, Goldman Sach analysts claim that the writing is on the wall for AMD. It thinks that AMD shares will be worth just $2.50 soon. The stock’s 50-day moving average is currently $2.98.

The company said that while AMD could clean up in the gaming market even if you take those figures into account the stock is trading at 22 times its 2014 CY EPS estimate. In other words the company’s core PC business is still shagged and still will generate 45 per cent of the company’s 2013 revenue.

“We therefore believe this recent move in the stock is just the latest in a long history of unsustainable rallies, and we are downgrading the stock to Sell. We believe the current multiple is unjustified for any company with such significant exposure to the secularly declining PC market,” the firm’s analyst wrote.

Analysts at Sanford C. Bernstein think that the share price will settle on $2.00 and FBR Capital Markets thinks $3.00. In other words if you want to know what is really happening at AMD you might as well ask the cat, than any Wall Street expert.

Source

AMD Touts Its Memory Architecture

AMD has said the memory architecture in its heterogeneous system architecture (HSA) will move management of CPU and GPU memory coherency from the developer’s hands down to the hardware.

While AMD has been churning out accelerated processing units (APUs) for the best part of two years now, the firm’s HSA is the technology that will really enable developers to make use of the GPU. The firm revealed some details of the memory architecture that will form one of the key parts of HSA and said that data coherency will be handled by the hardware rather than software developers.

AMD’s HSA chips, the first of which will be Kaveri, will allow both the CPU and GPU to access system memory directly. The firm said that this will eliminate the need to copy data to the GPU, an operation that adds significant latency and can wipe out any gains in performance from GPU parallel processing.

According to AMD, the memory architecture that it calls HUMA – heterogeneous unified memory access, a play on unified memory access – will handle concurrency between the CPU and GPU at the silicon level. AMD corporate fellow Phil Rogers said that developers should not have to worry about whether the CPU or GPU is accessing a particular memory address, and similarly he claimed that operating system vendors prefer that memory concurrency be handled at the silicon level.

Rogers also talked up the ability of the GPU to take page faults and that HUMA will allow GPUs to use memory pointers, in the same way that CPUs dereference pointers to access memory. He said that the CPU will be able to pass a memory pointer to the GPU, in the same way that a programmer may pass a pointer between threads running on a CPU.

AMD has said that its first HSA-compliant chip codenamed Kaveri will tip up later this year. While AMD’s decision to give GPUs access to DDR3 memory will mean lower bandwidth than GPGPU accelerators that make use of GDDR5 memory, the ability to address hundreds of gigabytes of RAM will interest a great many developers. AMD hopes that they will pick up the Kaveri chip to see just what is possible.

Source

Adobe Reader Security Issue Found

McAfee has discovered a vulnerability in Adobe’s Reader program that allows people to track the usage of a PDF file.

“Recently, we detected some unusual PDF samples,” McAfee’s Haifei Li said in a blog post. “After some investigation, we successfully identified that the samples are exploiting an unpatched security issue in every version of Adobe Reader.”

The affected versions of Adobe Reader also include the latest “sandboxed” Reader XI (11.0.2).

McAfee said that the issue is not a “serious problem” because it doesn’t enable code execution, however it does permit the sender to see when and where a PDF file has been opened.

This vulnerability could only be dangerous if hackers exploited it to collect sensitive information such as IP address, internet service provider (ISP), or even the victim’s computing routine to eventually launch an advanced persistent threat (APT).

McAfee said that it is unsure who is exploiting this issue or why, but have found the PDFs to be delivered by an “email tracking service” provider.

The vulnerability works when a specific PDF JavaScript API is called with the first parameter having a UNC-located resource.

“Adobe Reader will access that UNC resource. However, this action is normally blocked and creates a warning dialog,” Li said. “The danger is that if the second parameter is provided with a special value, it changes the API’s behavior. In this situation, if the UNC resource exists, we see the warning dialog.

“However, if the UNC resource does not exist, the warning dialog will not appear even though the TCP traffic has already gone.”

McAfee said that it has reported the issue to Adobe and is waiting for their confirmation and a future patch. Adobe wasn’t immediately available for comment at the time of writing.

“In addition, our analysis suggests that more information could be collected by calling various PDF Javascript APIs. For example, the document’s location on the system could be obtained by calling the Javascript “this.path” value,” Li added.

Source

openSUSE Lacks Resources For ARM

Opensuse said that its ARM development is being limited by a lack of resources to build software despite having launched its Open Build Service (OBS).

Last month the Opensuse project announced the release of Opensuse 12.3, which brought ARM support to the same level as x86 and AMD64. While the project is working on bringing ARMv7 and more importantly ARMv8 support to its Linux distribution, Jos Poortvliet, community manager at Opensuse, said that the project’s ARM development has been limited by the lack of build resources.

Opensuse announced a collaboration with Samsung to create the OBS, which it was hoped would speed up the development life-cycle. However Poortvliet said, “ARM development is limited by available build resources required for compiling each iteration of new software and while the OBS helps by bringing a lot of build power in one place, the use of QEMU meant that build resources were shared with native x86_64 builds, which turned out to be a performance limitation.

“With fast and dedicated ARM hardware we can reserve build power for ARM builds and make use of the more efficient KVM virtualization.”

However in better news, Poortvliet said that the project had managed to deploy KVM – the Linux kernel based virtual machine – on ARM hardware. He added that parent firm Suse has assigned more resources to building ARM software on OBS and forecast that all packages would be built in two weeks.

While Canonical and Red Hat have been vocal about their ARM developments, Suse and its Opensuse project have been quietly going about their business, though given Poortvliet’s comments regarding a lack of resources, perhaps they have been going about it too quietly.

Although ARM vendors are not expected to converge on the server market until next year, even ARM thinks that most servers using its chips will run open source software.

Unless Suse manages to get its act together, it might find that Canonical and Red Hat have already carved out a significant chunk of the market.

Source

Anonymous Goes After North Korea

Anonymous has restarted its attack against North Korea and once again is using a North Korean Twitter account to announce website scalps.

The Twitter account @uriminzok was the scene of announcements about the hacked websites during the last stage of Op North Korea, and reports have tipped up there again.

The first wave of attacks saw a stream of websites defaced or altered with messages or images that were very much not in favour of the latest North Korean hereditary leader, Kim Jong-un.

They were supported by a Pastebin message signed by Anonymous that called for some calming of relations between North Korea and the US, and warned of cyber attacks in retaliation.

“Citizens of North Korea, South Korea, USA, and the world. Don’t allow your governments to separate you. We are all one. We are the people. Our enemies are the dictators and regimes, our goals are freedom and peace and democracy,” read the statement. “United as one, divided by zero, we can never be defeated!”

Before the attacks restarted, the last Twitter message promised that more was to come. It said, “OpNorthKorea is still to come. Another round of attack on N.Korea will begin soon.” Anonymous began delivering on that threat in the early hours this morning.

More of North Korean websites are in our hand. They will be brought down.

— uriminzokkiri (@uriminzok) April 15, 2013

We’ve counted nine websites downed, defacements and hacks, and judging by the stream of confirmations they happened over a two hour period. No new statement has been released other than the above.

jajusasang.com twitter.com/uriminzok/stat…

— uriminzokkiri (@uriminzok) April 15, 2013

Downed websites include the glorious uriminzokkiri.com, a North Korean news destination. However, when we tried it we had intermittent access.

Last time around the Anonymous hackers had taken control of North Korea’s Flickr account. This week we found the message, “This member is no longer active on Flickr.”

Source

EPIC Wants Biometric Data From The FBI

The Electronic Privacy Information Center (EPIC) has pressed the US Federal Bureau of Investigation (FBI) for access to its database of US citizens’ biometric data.

EPIC already tried to get access twice last September, and now it is trying again. It said that it has sent repeated freedom of information act requests regarding the database, and that the FBI has failed to respond. Now it has filed a lawsuit for access (PDF).

It warned that the Next Generation Identification system (NGI) is a massive database that “when completed, [will] be the largest biometric database in the world”.

The NGI will use CCTV systems and facial recognition, and it includes DNA profiles, iris scans, palm prints, voice identification profiles, photographs, and other “identifying information”.

The FBI has an information page about the NGI, and there it said that photographs of tattoos are also included and that the system is designed to speed up suspect detection and response times.

“The NGI system will offer state-of-the-art biometric identification services and provide a flexible framework of core capabilities that will serve as a platform for multimodal functionality,” it said.

“The NGI Program Office mission is to reduce terrorist and criminal activities by improving and expanding biometric identification and criminal history information services through research, evaluation, and implementation of advanced technology”.

In its lawsuit EPIC said that the NGI database will be used for non law enforcement purposes and will be made available to “private entities”.

EPIC said that it has asked the FBI to provide information including “contracts with commercial entities and technical specifications”.

It said that so far it has received no information from the FBI in response to its requests.

Source

« Previous Page — Next Page »