Spectre and Meltdown dominated the news for another week. I spend this episode understanding the new information and the cost of fixing this problem.
Photo: Toa Heftiba
Week 2 of the Spectre and Meltdown CPU issue brought more information and more confusion. As companies attempt to fix the issue, even more problems arise. I spend the episode understanding what those issues are and discuss consumers’ options.
Photo: Stefano Pollio
The tech industry is still dealing with the fallout of the Spectre and Meltdown bugs as companies scramble to patch the vulnerability.
A consequence of such hasty actions is that the patches are 1) introducing new bugs, 2) breaking some AMD-powered computers, and 3) leaving most patched computers with a permanent performance impact.
There is a rumor that IBM is looking to reduce global services headcount by another 10,000 employees as news of a new CFO is announced.
To complete this wonderful news cycle, it seems that Boston might be the front-runner to host Amazon’s HQ2.
Niddel’s primary product, Niddel Magnet is a subscription service that uses machine learning to locate infected or compromised machines inside an organization. It works completely autonomously and doesn’t require customers to generate their own code, rules, searches or even any kind of content.
“Using machine learning to improve information accuracy significantly reduces false positives and significantly improves our detection and response capabilities,” Alexander Schlager, Verizon’s executive director for security services explained in a statement. Those capabilities were one of the primary reasons the company made the acquisition.
Alphabet, the umbrella corporation of Google, Inc. etc., has quietly acquired a UK-based startup called Redux, reports Bloomberg.
Redux was founded in 2013 out of Cambridge, and built technology that uses vibrations to turn surfaces of phones or tablets into speakers or provide haptic feedback.
The acquisition is reflected on Crunchbase, and in confirmed transfer of shares within U.K. regulatory filings. Google has made no mention of the acquisition as of yet.
However, Pierre Nanterme, the chairman and chief executive of Accenture, gave a strong signal on his most recent quarterly earnings call that he is not interested in large-scale M&A.
“This is not our game at Accenture,” he said in response to a question from a Wall Street analyst about whether Accenture Interactive might make “larger deals, rather than tuck-ins”.
Nanterme explained: “Our game is to drive organic growth on top of acquisitions of very specific companies with very specific and differentiated capabilities.
“And then what Accenture is offering to these companies we’re acquiring is our unique access to the best brands in the world and our unique geographic footprint.”
Accenture to acquire Germany based visualization firm Mackevision
Accenture has entered into an agreement to acquire Germany-based Mackevision, a leading global producer of 3D-enabled and immersive product content. The acquisition will add visualization capabilities to Accenture Interactive’s digital services portfolio – strengthening its ability to create compelling, next-generation customer experiences and industrial, extended reality applications. The acquisition is subject to customary closing conditions. Financial terms of the transaction are not being disclosed.
But the scientists from Kyoto developed new techniques of “decoding” thoughts using deep neural networks (artificial intelligence). The new technique allows the scientists to decode more sophisticated “hierarchical” images, which have multiple layers of color and structure, like a picture of a bird or a man wearing a cowboy hat, for example.
“We have been studying methods to reconstruct or recreate an image a person is seeing just by looking at the person’s brain activity,” Kamitani, one of the scientists, tells CNBC Make It. “Our previous method was to assume that an image consists of pixels or simple shapes. But it’s known that our brain processes visual information hierarchically extracting different levels of features or components of different complexities.”
For such modern cloud applications, Oracle proves a poor fit. Not only does the company offer a comparatively malnourished catalog of cloud services compared to leading vendors like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud, even its former strengths become weaknesses in the brave new cloud world. For example, one of its best selling points—vertical scale—proves its Achilles Heel in modern application infrastructure, where horizontal scale at levels simply impossible in an Oracle environment becomes the norm.
Oracle’s immediate answer seems to be to stick to its old game plan, leveraging its legacy database to broker a role in modern workloads. It’s not working. As Rishidot Research’s founder and chief research advisor Krishnan Subramanian has called out, “[Oracle] needs to shore up higher order services…to compete effectively with AWS and Azure. They cannot just rely on their database service as the path to cloud success and they need to compete with AWS on the breadth and depth of higher order services.”
Your personal computers will be less than 10 percent slower after you install the Spectre/Meltdown fix, Intel has revealed in a blog post. Intel has come to that conclusion after assessing the performance changes in computers using 6th, 7th and 8th Generation Intel core processors with Windows 10. Systems equipped with 8th generation (Kaby Lake, Coffee Lake) chips and SSDs will be the least affected, with the expected impact being less than 6 percent. Devices using the 7th Gen Kaby Lake-H mobile processors will be around 7 percent slower, while the performance impact on systems with the 6th Gen Skylake-S platform is approximately 8 percent.
Depending on how you use your computer, you may not even notice a difference. Based on Intel’s benchmark results, though, you will notice some slowdown if you browse the web and use applications, and it’s safe to say that most people do. Obviously, if you use your computer for heavy applications, the slowdown will be more noticeable.
While Oracle, MySQL, and Microsoft SQL Server stand supreme at the top of the database heap, their cloud competitors have been gaining steam—and fast. It’s probably not yet accurate to say that databases like DynamoDB and Azure Cosmos DB are gaining ground on the old guard, given that Oracle remains more than 100 times as popular as Cosmos, for example. But for new applications largely born in the cloud, these cloud-first databases dominate.
This matters because, as Gartner analyst Thomas Bittman has written, there’s a pronounced (and accelerating) shift from private datacenters to public cloud environments: “New stuff tends to go to the public cloud, while doing old stuff in new ways tends to go to private clouds. And new stuff is simply growing faster.” Not just a little bit faster, either: We’re talking about a 20X growth rate for the public cloud versus a 3X growth rate for private datacenters, by his analysis. Of course, legacy workloads dwarf these new cloud-friendly applications, but that won’t be true for long.
SAP announced two leadership changes Thursday, with Alex Atzberger moving to president of SAP Hybris and Barry Padgett taking over the helm at SAP Ariba, according to a press release. SAP Hybris solutions “comprise the omnichannel customer engagement and commerce business at SAP” and include offerings for commerce, marketing, sales, service and revenue. Padgett, who joined SAP through the acquisition of Concur, will focus on the oversight of SAP’s business network strategy as Ariba’s new president.
“Positioning these proven leaders, both with deep customer empathy and a business vision rooted in a beautiful customer experience, will have a tremendous, positive impact for customers worldwide,” said Robert Enslin, member of the Executive Board of SAP SE and president of Cloud Business Group, SAP. “The business acumen and expertise both Alex and Barry bring to their respective roles, coupled with the engineering innovation agendas already underway, will greatly advance SAP’s leadership pursuits in the areas of procurement, customer engagement and commerce.”
The newest Skype preview now supports the Signal protocol: the end-to-end encrypted protocol already used by WhatsApp, Facebook Messenger, Google Allo, and, of course, Signal. Skype Private Conversations will support text, audio calls, and file transfers, with end-to-end encryption that Microsoft, Signal, and, it’s believed, law enforcement agencies cannot eavesdrop on.
Intel is quietly advising some customers to hold off installing patches that address new security flaws affecting virtually all of its processors. It turns out the patches had bugs of their own.
The glitch underscores the complexity of Intel’s challenge as it scrambles to fix the unprecedented vulnerabilities, which were disclosed more than a week ago.
In a confidential document shared with some customers Wednesday and reviewed by The Wall Street Journal, Intel said it identified three issues in updates released over the past week for “microcode,” or firmware—software that is installed directly on the processor. The updates are separate from patches produced by operating system companies such as Microsoft Corp.
Microsoft Corp. on Tuesday said some customers found their AMD-powered computers were unusable after applying the latest security patches for the Windows operating system.
On an online support page, Microsoft said it would “temporarily pause” sending updates to some devices running AMD processors. After investigating, the software giant said it found “some AMD chipsets do not conform to the documentation previously provided to Microsoft.”
These attackers aren’t stealing data from victims, however—at least as far as anyone can tell. Instead, the exploit is being used to mine cryptocurrencies. In one case, according to analysis posted today by SANS Dean of Research Johannes B. Ullrich, the attacker netted at least 611 Monero coins (XMR)—$226,000 dollars’ worth of the cryptocurrency.
The attacks appear to have leveraged a proof-of-concept exploit of the Oracle vulnerability published in December by Chinese security researcher Lian Zhang. Almost immediately after the proof of concept was published, there were reports of it being used to install cryptominers from several different locations—attacks launched from servers (some of them likely compromised servers themselves) hosted by Digital Ocean, GoDaddy, and Athenix.
Chinese internet regulators scolded the country’s leading mobile-payments company for compromising its customers’ privacy, putting pressure on firms to better protect personal data in a society subject to heavy state surveillance.
The Cyberspace Administration of China said Wednesday that it had summoned representatives of Alibaba Group Holding Ltd. affiliate Ant Financial Services Group to dress them down for automatically enrolling users in its credit-scoring system.
IBM chief financial officer Martin Schroeter will move to a new role and will be replaced by company veteran James Kavanaugh, effective immediately.
Schroeter, who has been with the company for more than 25 years and has been finance chief for the last four years, will become senior vice-president for global markets.
His replacement, Kavanaugh, joined IBM in 1996 from AT&T and is currently a senior vice-president heading IBM’s transformation efforts.
While the announcement was unexpected, the logic behind the move is not and Kavanaugh would be a logical replacement for Schroeter, said Stifel analyst David Grossman.
According to a report in The Register Thursday, IBM is planning to reassign more than 30,000 staff from its Global Technology Services division, which primarily offers hardware and infrastructure consulting services, to other roles within the company.
That amounts to about 30 percent of GTS’ overall staff, who are set to be “productively redeployed,” according to a leaked document (pictured). About 10,000 of the affected staff are said to be based in the U.S., The Register added.
The staff reassignments, expected to take place later this year, could ultimately see about 10,000 jobs lost through “attrition,” with no plans to replace departing employees. However, the overall head count could be even higher, as a document leaked to The Register shows that 5,000 staff have yet to be assigned new positions, which means they could ultimately be laid off. And of those that have been reassigned, some may only be moved to “short term” positions, said one unnamed employee.
Boston has already been floated as a prime candidate for the new HQ2 because it is one of the U.S. cities where Amazon has research and development operations. Amazon, according to The Business Journals, has almost 1,000 workers in Boston who focus on Amazon Web Services, Audible, Alexa and speech-recognition software. Later this year, the opening of its Fort Point office will add 900 employees to the company’s Boston ranks.
Photo: Robert Szadkowski
Intel and other CPU chip makers announced a major security flaw last week that could impact almost every internet connected device on the planet.
This week’s episode focuses on that security bug and what it means for you personally and professionally.
Photo: Sandeep Swarnkar
Here we go again… there is another security flaw that could impact almost all connected computers. This time the issue is at the CPU kernel level and it could take some time to completely correct.
Amazon is one of the companies impacted by this flaw, but on the bright side, their bets on home speakers, video and music services, and grocery stores are paying off. The company also seems to be making progress on ridding themselves of Oracle software internally and in their service offerings.
And last but not least, Google is saving billions of dollars in another off-shore tax shelter plan.
Microsoft announced intentions to buy the Pittsburgh, Penn.-based vendor on Jan. 3 for an undisclosed amount.
Avere has developed file system and caching technologies designed to speed access to compute and storage in hybrid environments. Avere provides NFS and SMB file storage for Windows and Linux clients running in the cloud, hybrid, and on-premises environments.
But media moguls aren’t taking all this lying down; to defang FANG, they’re fighting with fire. They are remaking their companies in the same mold as their tech rivals, first by striking the deals necessary to scale into a group of fewer but bigger businesses that can at least approach the size of a quartet boasting a combined market capitalization of $1.9 trillion. They are also pivoting toward their rivals’ style of data-driven streaming direct to the consumer. As Murdoch summed it up in the wake of the Disney deal, “Silicon Valley is spending tens and tens of billions on entertainment programming,” he told NPR. “So it makes sense to bulk up the entertainment side, so that we’ve got a company that can go direct to consumers in a big way.”
Nothing defined the media sector more in 2017 than the mergers and acquisitions that have been the order of the day to appease an increasingly skeptical Wall Street. In addition to the Fox-Disney stunner, there was the $14.6 billion union of Discovery and Scripps completed in November. More such deals seem inevitable next year, such as the potential for Shari Redstone to engineer the reunion of CBS Corp. and Viacom. Maybe someone in Silicon Valley will finally buy one of the content companies as well.
Chris Lane, an analyst with Sanford Bernstein, says about eight in 10 of the investors he talks with are skeptical of Son. They see him as a solid telecom operator who is taking enormous risks with his investments and has demonstrated no special skill in technology investment. Lane sees clear evidence of that disbelief: SoftBank’s stock in Alibaba and other assets are worth more than 19 trillion yen after subtracting all its debt, but SoftBank’s market cap is only 9.8 trillion yen. It’s like your neighbor having a suitcase stuffed with $1 million in cash, but you’ll only pay him $500,000 for it because you think he’ll lose the rest on the way to your house. Critics not only don’t believe Son can pick the next Alibaba; they’re convinced he’s going to squander what he already has.
“If you think of this as a telco making unrelated investments and likely to lose money, then maybe the discount is right,” Lane says. “If you think this is a sophisticated technology investment firm with a strong track record, then this is an unbelievable opportunity.”
The rapid growth of AI in China can also be partly attributed to government support. Beijing laid out a development plan in July to become a world leader in AI, aiming to build a domestic AI industry worth at least 1 trillion yuan (around $1.5 billion), according to a government document. Chirag Dekate, research director of high-performance computing for Gartner, thinks China is getting into AI for the long haul. “The U.S. is driving AI innovation across the spectrum, in software and hardware,” said Dekate in an interview with Investor’s Business Daily. “Early use cases and early adopters are happening more in the U.S. than any geography in the world. But China is looking at it from a marathon perspective.”
But privilege escalation is much scarier in the cloud, where the same server could be working for dozens of people at once. Platforms like Amazon Web Services and Google Cloud let online companies spread a single program across thousands of servers in data centers across the world, sharing hardware the same way you’d share an airplane or a subway car. Collective hardware isn’t a security problem because even when different users are on the same server, they’re in different software instances, with no way to jump from one instance to another. Spectre could change that, letting attackers steal data from anyone sharing the same chip. If a hacker wanted to perform that kind of attack, all they’d have to do is start their own instance and run the program.
Cloud services are also a lucrative target for anyone hoping to cash in on Spectre. Lots of midsize businesses run their entire infrastructure on AWS or Google Cloud, often trusting the platform with sensitive and potentially lucrative information. Bitcoin exchanges, chat apps, even government agencies all keep passwords and other sensitive data on cloud servers. If you’re running a modern web service, there’s simply no other choice. If someone did set a new exploit running on a cloud instance, there’s no telling what kind of data might shake out.
You’d expect any digital media business to offer some degree of technical support to its biggest advertisers, but the solutions engineering team is actually building products.
For example, it was involved in creating Facebook’s dynamic ads format (where ads show different products to different users based on their activities and interests). Mehta said dynamic ads were first inspired by the complaints of an advertiser he was meeting with in Hamburg, Germany, and he then worked with the Facebook Ads team to create a prototype, eventually leading to a more polished product and broader availability.
It’s probably safe to say that not every client meeting leads to a new ad format — sometimes Mehta’s team is just helping advertisers understand how to use their existing tools in a more effective way. But that other option, working with the rest of Facebook to build something new, is also on the table.
Salesforce is developing its own alternative to Oracle’s database, while Amazon is moving toward open-source technology called NoSQL, sources told The Information. If Amazon and Salesforce could move away from Oracle, it could be proof that other big businesses could, too, one consultant told The Information.
Oracle’s database technology, as well as the coding language Java, have been the market standard in many industries since at least the 1990s, as one of the first databases to support “http” technologies online.
In modern architectures, there are inviolable spaces where data passes through in raw, unencrypted form, such as inside the kernel, the most central software unit in the architecture, or in system memory carefully set aside from other applications. This data has powerful protections to prevent it from being interfered with or even observed by other processes and applications.
Meltdown and Spectre are two techniques researchers have discovered that circumvent those protections, exposing nearly any data the computer processes, such as passwords, proprietary information, or encrypted communications.
Meltdown affects Intel processors, and works by breaking through the barrier that prevents applications from accessing arbitrary locations in kernel memory. Segregating and protecting memory spaces prevents applications from accidentally interfering with one another’s data, or malicious software from being able to see and modify it at will. Meltdown makes this fundamental process fundamentally unreliable.
Spectre affects Intel, AMD, and ARM processors, broadening its reach to include mobile phones, embedded devices, and pretty much anything with a chip in it. Which, of course, is everything from thermostats to baby monitors now.
Cloud infrastructure vendors begin responding to chip kernel vulnerability
“We’re aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers. We are in the process of deploying mitigations to cloud services and are releasing security updates today to protect Windows customers against vulnerabilities affecting supported hardware chips from AMD, ARM and Intel. We have not received any information to indicate that these vulnerabilities had been used to attack our customers.”
But while the public is just being informed about the security problem, tech companies have known about it for months. In fact, Google informed Intel of the vulnerability in June, an Intel representative told Business Insider in a statement.
That means Intel was aware of the problem before Krzanich sold off a big chunk of his holdings. Intel’s CEO saw a $24 million windfall November 29 through a combination of selling shares he owned outright and exercising stock options.
The stock sale raised eyebrows when it was disclosed, primarily because it left Krzanich with just 250,000 shares of Intel stock — the bare minimum the company requires him to hold under his employment agreement.
The bet paid off, with AWS now on track to generate more than $10 billion annually. More importantly, that $10 billion annually comes with a pretty healthy margin — though, over time, that margin may slip down. For the time being, though, it’s an impressive business compared to the razor-thin profits that Amazon might generate from its retail operations and a good data point as its media services like video or music start to play out.
And, as usual, recurring revenue is a story that Wall Street loves. Amazon is a company that people will often tell you not to bet against, and its stock is up more than 50 percent on the year thanks to an array of businesses that all appear to be showing growth and the company’s recent-ish ability to turn a profit. Amazon can thank AWS a lot for that.
Relatively few mainstream investors have bought large sums of bitcoin, scared off by concerns about cybersecurity and liquidity, as well as more mundane fears of investment losses. Even some of those who do own it are cautious about speaking too publicly, lest they draw the attention of hackers.
The recent price plunge has also spooked some. On Dec. 22, the prominent investor Michael Novogratz said he was delaying launching a crypto-focused hedge fund for outside investors, stating “we didn’t like market conditions for new investors.” South Korea announced last week it would crack down on cryptocurrency trading, an ominous sign given that the country at one point accounted for as much as one-fourth of global bitcoin trading activity.
Newly published Netherlands regulatory filings show that Google shielded €15.9 billion (about $19.2 billion) in 2016 using the popular “Dutch Sandwich” tax trick, saving it about $3.7 billion in taxes. The maneuver involves shifting revenue from an Irish subsidiary to a Dutch firm with no staff, and promptly moving the funds to a Bermuda mailbox owned by another Ireland-listed company. And this practice isn’t slowing down — Google moved 7 percent more cash through this approach in 2016 than it did a year earlier.