News Rundown

It’s x86 Vulnerability Week | Gestalt IT Rundown: March 11, 2020

New vulnerabilities are published for AMD and Intel Processors, and we get an early look at the performance of Amazon’s Graviton2 processor. Join Rich Stroffolino and Tom Hollingsworth as they discuss all the IT news of the week!

This week on the Rundown:


Anthos for Telecom

Google Cloud announced a new telecom-focused solution, Anthos for Telecom. This brings their multi-cloud application platform, with Kubernetes support, together with specialized services for telcos. Google Cloud is also launching the Global Mobile Edge Cloud service, which will let telcos run applications across Google’s edge network rather than just in their 20ish cloud data centers.

JEDI Judge Says Amazon Lawsuit has Merit

Another update in the continuing story that is the Pentagon JEDI contract. Previously, Judge Patricia Campbell-Smith of the U.S. Court of Federal Claims ordered the Pentagon to stop work on JEDI while this kerfuffle was worked out. Now unsealed documents from a federal judge say that Amazon’s lawsuit against the contract award “is likely to succeed on the merits”. The judge found that the Pentagon made a mistake in evaluating prices for competing proposals from Amazon and Microsoft, and that the mistake would materially harm Amazon (because even they think $10 billion is a lot of money).

Nvidia Buys SwiftStack

Nvidia has been building out its datacenter business in recent years and acquiring IP across the stack. Now they’ve announced they’ve acquired SwiftStack to add some object storage and data management IP into the fold. Nvidia plans to use their tech for AI, high-performance computing and accelerated computing workloads, and SwiftStack will continue to support their open source tools.

TensorFlow Quantum

Google launched TensorFlow Quantum, an open-source library for prototyping quantum machine learning models, designed to let developers create hybrid AI algorithms that use both classical computing techniques and quantum computer circuit simulations. Google says that TFQ works by taking quantum data contained in quantum bits, or qubits, and processing it with “hybrid-classical AI modelling,” to generate predictions about quantum algorithms. Microsoft’s Azure Quantum and IBM’s Q both offer similar services.


AMD CDNA

At AMD’s Financial Analyst Day, the company announced Compute DNA, a new GPU architecture optimized for data center compute workloads. CDNA will include the second-gen AMD Infinity Architecture to provide a high-bandwidth, low-latency interconnect between GPUs and CPUs, with unified memory across both, optimized for machine learning and high performance computing workloads. AMD expects to launch the new architecture in the summer.


Intel CSME Flaw Is Back

A vulnerability that impacts the Intel Converged Security and Management Engine (CSME) is worse than originally thought and a patch from May 2019 does not fully fix the issue. The CSME cryptographically verifies and authenticates all firmware running on a system. Mark Ermolov from Positive Technologies found the bug can be exploited by malware with root privileges to recover the chipset key and grant an attacker access to everything on a device. Previously it was thought physical access was needed to exploit the vulnerability. For sensitive systems the only recourse is to replace the hardware. Only Intel 10th-generation chips are free of the vulnerability.


Intel LVI Attack

Researchers at Bitdefender and a team of academics published details about a new class of vulnerabilities for Intel processors, called Load Value Injection, or LVI. This is essentially the reverse of speculative execution attacks like Meltdown. LVI attacks allow the attacker to inject code inside the CPU and have it executed as a transient “temporary” operation. The exploit was discovered independently by two sets of researchers who were able to demonstrate it attacking cloud environments and leaking an encryption key from Intel’s secure enclave, and the researchers say a JavaScript exploit is possible. LVI seems to bypass many partial Meltdown fixes, with the researchers saying only a hardware fix can fully address it. The exploit has only been demonstrated on Intel processors.


AMD Side Channel Attack

A new paper from security researchers at Graz University of Technology in Austria claims that all AMD processors made from 2011 to 2019 are vulnerable to a side channel attack that could leak otherwise protected information. The researchers reverse-engineered AMD’s L1D cache way predictor, resulting in two types of attacks: Collide+Probe, which can monitor a victim’s memory accesses on a time-shared logical core, and Load+Reload, which can obtain highly accurate memory-access traces on a physical core. The researchers were able to run the exploit in JavaScript on the Chrome and Firefox browsers, and also gained access to AES encryption keys. Compared to similar architectural vulnerabilities like Spectre and Meltdown, the ones disclosed only leak a “few bits of metadata,” rather than provide full access. The researchers notified AMD of their findings on August 23, 2019, and AMD said it believed these were “not new speculation-based attacks.”


Amazon’s Graviton Pull

Anandtech published a performance preview of Amazon’s Graviton2 processor, its 2nd-generation ARM server chip that they’ll offer in EC2 instances. I thought this was an interesting comparison to our conversation about Ampere’s recently announced 80-core ARM CPU. Graviton2 will offer up to 64 cores per socket, but with slower clock speeds and using less than half of the power of Ampere’s Altra. Anandtech points out that Graviton2 is essentially a reference ARM Neoverse N1 platform, and offers 40% cheaper performance compared to existing x86 offerings. This may change as AMD’s Rome platform begins rolling out.


The Gestalt IT Rundown is a live weekly look at the IT news of the week. It broadcasts live on YouTube every Wednesday at 12:30pm ET. Be sure to subscribe to Gestalt IT on YouTube for the show each week.

About the author

Rich Stroffolino

Rich has been a tech enthusiast since he first used the speech simulator on a Magnavox Odyssey². Current areas of interest include ZFS, the false hopes of memristors, and the oral history of Transmeta.
