Spectre v2 mitigation causes significant slowdown on Linux 4.20

One of Intel’s mitigations for a variant of the Spectre vulnerability will reportedly significantly slow down performance of the latest Linux kernel.

The mitigation, called Single Thread Indirect Branch Predictors (STIBP), was put in place by Intel earlier this year when the Spectre vulnerability and its variants were first publicly disclosed. Intel proposed two other mitigations to this particular version — Spectre variant 2, tracked as CVE-2017-5715 — but this one, it turns out, would have a negative effect on Linux 4.20.

If Linux 4.20 is run with Intel chips that implemented the STIBP mitigation for Spectre v2, performance could drop 30% to 50%, depending on the application.

The mitigation is only on Intel chip models that have hyperthreading, but that still includes Core i3, Core i7 and above, as STIBP became part of Intel’s mainline chip production.

Technology website Phoronix reported the significant slowdowns on Linux 4.20 on Nov. 17, 2018, and said they were caused by the addition of kernel-side bits for STIBP.

After seeing the numbers Phoronix reported, Linux creator Linus Torvalds weighed in, suggesting that users disable mitigations for Spectre v2.

“When performance goes down by 50% on some loads, people need to start asking themselves whether it was worth it,” Torvalds wrote. “It’s apparently better to just disable SMT [simultaneous multi-threading] entirely, which is what security-conscious people do anyway.”

SMT is what Intel calls hyperthreading and was introduced in the early 2000s. However, Spectre and its variants proved that hyperthreading makes side-channel attacks possible.

There has been a history of performance drops with Meltdown and Spectre vulnerability mitigations since vendors started rolling them out earlier this year. However, the slowdowns associated with this Spectre v2 mitigation are the most significant.

Mitigating Meltdown and Spectre has been a difficult process from the beginning. The first patch Intel released had to be recalled after it caused PCs and servers to lock up.

In other news:

  • On Wednesday, Nov. 28, Dell informed its customers that their passwords had been reset due to the discovery of unauthorized access in its network back on Nov. 9, 2018. While Dell stated that its investigation did not find evidence that data was actually stolen, it did indicate that an attempt to extract user data had been made, and it was unable to definitively confirm that no data had been exfiltrated. While credit card and other sensitive information is not believed to have been exposed, an attempt was made to extract Dell.com user information, email addresses, hashed passwords and names. Dell.com reset all account passwords and warned users to change passwords for accounts that use similar ones. This reset also affected Dell’s Premier, Global Portal and support.dell.com online services, but the DellEMC.com and DellTechnologies.com accounts are not believed to be affected. It is unknown how many users were affected.
  • Microsoft issued a security advisory on Wednesday, Nov. 28, warning users of two applications that accidentally installed root certificates onto computers, which resulted in a leak of private keys. The two applications developed by Sennheiser — HeadSetup and HeadSetup Pro — are used for softphone setup and management. This error, tracked as CVE-2018-17612, allows malicious third parties to extract private keys from the two applications and use them to issue forged certificates to spoof websites and software publishers. While the advisory was released earlier this week, the issue was found earlier this year by Secorvo Security Consulting, a cybersecurity consulting company based in Karlsruhe, Germany. The consultancy discovered that versions 7.3, 7.4 and 8.0 had installed two root certificate authority certificates into the Windows Trusted Root Certificate Store. These certificates were also found to have been installed for Mac users through the HeadSetup macOS app. Sennheiser has since removed the apps from its website and is working on an update. It has also removed the root certificates from the affected systems and plans to replace them with new ones that will not leak private keys. In order to prevent further attacks, customers should update their apps. Microsoft has updated the company’s certificate trust list to remove the malicious certificates; instructions on how to manually remove the certificates can be found in Secorvo’s report.
  • In 2015, Lenovo shipped 750,000 laptops with preinstalled adware — dubbed VisualDiscovery — developed by the defunct Israeli online advertising company Superfish. And on Nov. 21, 2018, a class action lawsuit was settled, with Lenovo paying $7.3 million to affected customers. The adware compromised online security protections that users installed onto their laptops, performed man-in-the-middle attacks and accessed their financial data. In 2017, Lenovo agreed to pay $3.5 million after signing an agreement with the Federal Trade Commission, Connecticut and 31 other states. Likewise, Lenovo promised to alter how it sold devices and, in another agreement, paid an additional $3.5 million to state authorities. All of this comes after Lenovo stated in 2015 that it did not agree with the allegations, and that it was unaware of the exploitation of the app by a third party. Lenovo also claimed it stopped selling the software in 2015.

Go to Original Article
Author:

Customize Microsoft Translator’s Neural Machine Translation to translate just the way you want: Custom Translator now in General Availability

Custom Translator, now in general availability, significantly improves the quality of your translations by letting you build your own customized neural translation models tuned with your own pre-translated content.​ Using Custom Translator, you can translate your product names and industry jargon just the way you want.

With Custom Translator, an extension of the Microsoft Translator Text API, part of the Cognitive Services suite of products on Azure, you can build neural translation models that understand the terminology used in your own business and industry. The customized translation model will then seamlessly integrate into existing applications, workflows, and websites.

Custom Translator can be used with Microsoft Translator’s advanced neural machine translation when translating text using the Microsoft Translator Text API and speech translation using the Azure Cognitive Services Speech Service.

Preview customers of Custom Translator have already noted its improvements on translation quality and its usefulness regardless of the amount of pre-translated, bilingual content available.

Alex Yanishevsky, Senior Manager for machine translation at Welocalize, a leading language service provider, remarked, “Using Custom Translator, we’ve seen very good quality in comparison to other engines. It is very flexible. You can make engines just based on dictionaries if you don’t have enough data, and if you do have enough data you can make an engine based on data plus dictionaries. From the standpoint of customization, having that flexibility is really important.”

How it works

Custom Translator is easy to use and does not require a developer once the call to the Translator service has been properly set up in your app’s code. Custom Translator features a simple and intuitive web app that guides you through the 4-step process of customizing a model:

  1. Upload your data
  2. Train a model
  3. Test the model
  4. Deploy the new customized model to be used in your app

View the process in the image below.

For advanced use, there is also the Custom Translator API (preview) to automate the customization into your workflows.

Building and using custom NMT with Translator is quick, easy, and cost effective. By optimizing how training is performed, and how the Translator runtime incorporates the custom training, our team was able to provide a solution for customizing the Translator NMT models with a training cost that is less than 1% of the cost of training a new neural translation model from scratch. This, in turn, enables Microsoft to provide a cost-effective and simple pricing model to our users.

General availability pricing will go into effect on February 1st, 2019.

Get started now

  1. Ensure you have a Translator Text API key
    If you don’t have a key already, learn how to sign up.
  2. Log into the Custom Translator portal
    You can use your Microsoft account or corporate email to sign into the portal.
  3. Watch the how-to video and read the documentation.
  4. Questions?
    Ask them on Stack Overflow. We monitor these daily!

Go to Original Article
Author: Steve Clarke

This guide can help you buy the right device for the holidays – Windows Experience Blog

There’s something for everyone with devices from Microsoft and its partners.

If you’re shopping for your friends and family this holiday season, we’d like to help you with this guide to devices for everyone in your life – especially those who prefer to work or play on the go. No matter what you choose, you’ll find thinner and lighter devices that deliver flexibility (tablets, laptops, 2-in-1s), voice assistants (Cortana, far-field mics) and enough power to run Windows Mixed Reality. Gamers and creators in your life will also appreciate powerful CPUs and 4K touch displays, and the ability to deftly maneuver between typing on a keyboard and writing, drawing or sketching with a digital pen. For those who need to stay connected – without relying on Wi-Fi – there are more choices with longer battery life. You’ll even find devices do a lot, for less than you’d think you’d have to pay.
For the one who is on the go

The Acer Swift 5 weighs in at only 2.14 pounds with a sleek magnesium-lithium cover and distinct charcoal blue color. Power through everyday tasks, watch videos or surf the web with Intel’s latest 8th Generation Core i7 processor and tackle things on your to-do list with your digital assistant Cortana. Utilize the power of Windows Hello with the integrated fingerprint reader for more secure logins on the Swift 5, available from Amazon.com starting at $899.99.

Surface Laptop 2 provides personalized style in a sleek and accessible device with all-day battery life, same stunning touch screen as the Surface Go, and four tone-on-tone colors: Burgundy, Cobalt Blue, Platinum and Matte Black. Starting at $999 at the Microsoft Store.

Surface Go, now available with LTE Advanced, offers all the comforts of a laptop with the convenience of a 10-inch tablet. Surface Go delivers a small, 1.15 pound portable 2-in-1 form factor that adapts to the way you live. Whether at work, home or on the road, Surface Go runs Office365 and offers built-in Windows Hello for a more secure sign-in. Available from the Microsoft Store starting at $399.99.

The Huawei MateBook X Pro opens new horizons with its FullView design, a 91 percent screen-to-body ratio ideal for watching movies and videos in 4K. It’s powered for creativity with the latest 8th Generation Intel Core Processors and up to 12 hours per charge* to create and play all day. Packed with great Windows features like Cortana and Windows Hello for more secure logins, you can get the MateBook X Pro on NewEgg starting at $1,199.

For the creators

The ASUS ZenBook Pro 15 gives you the power to do whatever you want to do, wherever you want to do it. Powered by Intel’s 8th Generation Core processor with a 4K UHD NanoEdge touchscreen display, it is a creative’s delight. Use the innovative ScreenPad as a second display to use apps, play music, look at your calendar and more. Get it from Best Buy starting at $1,749.99.

The Samsung Galaxy Book2 keeps you productive without the dependency of Wi-Fi, thanks to its LTE connectivity. With Instant On, it starts up quickly so you can work and stream your favorite content while on the go. With its multi-workday battery life, S Pen and keyboard that come included in the box, you can get more work done from just about anywhere. Available on Samsung.com starting at $999.99.

For someone who needs to be hands-free

Surface Pro 6 offers all-day battery for up to 13.5 hour of work, fun or both. With best in class keyboard and trackpad and 67 percent faster than its predecessor, Surface Pro 6 offers the versatility you need to create and be productive from anywhere. The 12.3-inch PixelSense Display and multi-screen docking presents content beautifully and Surface Pro 6 now includes an 8.0 MP auto-focus camera and far field microphones, so you can ask Cortana questions from the next room. Now with new color options like matte black, check it out at the Microsoft Store starting at $899.99.

Lenovo’s Yoga Book C930 rewrites the rules of mobile productivity and creativity as the world’s thinnest and lightest dual-display laptop including a display built with E Ink. The versatile E Ink screen serves as a keyboard, notepad and eReader. It’s ultraportable at just 9.9mm at its thinnest when closed, and has up to 10-hour battery life and a Precision Pen for easy sketching and inking on either screen. Starting at $949.99, it is available on BestBuy.com and Lenovo.com.

For someone who enjoys flexibility

Get versatility and mobility with the ASUS ZenBook Flip 13. Its 13-inch display has ultra-narrow bezels on all four sides, giving a 90 percent screen-to-body ratio that allows a much more compact chassis design. With its 360°-flippable ErgoLift hinge, the latest Intel Core processors, active-stylus support, ZenBook Flip 13 is versatile, powerful and portable. Get it from Best Buy (model Q326FA) starting at $1,099.99.

The Dell XPS 13 2-in-1 is elegant at every angle, with a 360-degree hinge that allows you to work in four flexible positions: tablet, tent, laptop and stand modes with up to 8th Gen processors. Turn thoughts into actions with Windows Ink that allows you to capture notes, make edits and create content with the Dell Active Pen. Enjoy password-free sign-ins with Windows Hello using one touch or your face for recognition. Available from Dell.com starting at $999.99.

Enjoy a bold, new design with the HP Spectre Folio, crafted from leather and able to adapt to three different positions – laptop, tablet or tilted forward. With up to 18 hours of battery life and more than 4,000 levels of sensitivity with stylus support, you can create and play all day. Starting at $1,299.99, you can grab one on HP.com.

For the gamer who seeks superior performance

Optimized for performance, the Alienware m15 provides quality and maximum mobility with its sleek design features a narrow side bezel to maximize screen space to view explosive action first. The new Alienware mSeries keyboard even features 1.4mm of key travel, anti-ghosting keys and four Alien-FX enabled zones to light up the room during any gameplay, while also supporting in game lighting reactions for over 150 game titles. Powered by 8th Generation Intel processors and NVIDIA GeForce GTX 1060 and 1070 Max-Q graphics, this gaming rig is capable of VR and beyond. Available starting at $1,379.99 at Dell.com.

The Razer Blade 15 is powered by Intel’s 8th generation Core i7 6 core processor and NVIDIA GeForce GTX 10 Series graphics with Max-Q design for amazing gaming performance. Precision milled from solid aluminum, it has one of the smallest footprints of any 15.6-inch gaming laptop and is as thin as 0.66-inch making it lightweight and ultra-portable. It also features a Full HD display and dual storage in the Base Model versions, or users can step up to 144Hz refresh rates and a thinner design featuring a vapor chamber cooling system in the Advanced Model. Available from Razer.com starting at $1,599, and includes a digital copy of “Call of Duty: Black Ops 4 ” until the end of the year.

Experience true 4K gaming with Xbox One X, the world’s most powerful console and smallest Xbox ever built With Xbox One X, features like a built-in 4K Ultra HD Blu-ray player, 4K streaming with High Dynamic Range and Dolby Vision, premium audio with Dolby Atmos and DTS:X support and services unique to the Xbox platform like Xbox Game Pass, Xbox Live and Xbox One Backward Compatibility are at your fingertips, making Xbox One the best place to play. Get $50 off yours for a limited time, starting at $449 at Microsoft Store.

For the person who is always-connected

Lean, light and crafted from premium aluminum, the Lenovo Yoga C630 WOS (Windows on Snapdragon) 2-in-1 convertible offers smartphone-like integrated LTE Advanced Pro connectivity and up to 25 hours of local video playback thanks to the power-efficient architecture of the Qualcomm Snapdragon 850 Mobile Compute Platform. Get creative with the optional Lenovo Pen and use the laptop as your canvas or notepad, with drawing and editing capabilities with Windows Ink. The Yoga C630 WOS is available at BestBuy.com and in store for $699 or $599 with a Verizon contract.

Be on the move but stay always-connected with the HP Envy x2. With up to 22 hours of battery life and 4G LTE connectivity, you get the best PC and tablet experience no matter where life takes you. Its detachable keyboard and magnetic hinge enables seamless transition from laptop to tablet mode. Enjoy note taking, drawing and more with Windows Ink and ask Cortana to tackle your to-do list. Get it from HP.com starting at $799.99.

Devices that do a lot for a little

Enjoy all day productivity and entertainment with the slim ASUS VivoBook Flip 14. With its 14-inch ASUS Nano Edge bezel, a full HD display fits into a larger frame. It’s packed with great features like one-touch logins with Windows Hello and an optimal ASUS pen for writing, drawing and more. The durable hinge rotates 360-degrees to change to the way you want to work. Available from Amazon.com starting at $635.99.

Colors come alive with the Acer Spin 1, which has FHD IPS display and Acer Color Intelligence and a 10-point touch feature that keeps you creative with the Acer Active Stylus. Lightweight and portable, it has a 360-degree hinge that provides four modes to create at every angle. Buy it from Acer.com starting at $329.99.

*Data is obtained by HUAWEI laboratories using continuous local 1080p video playback, 150 nits brightness, auto-dimming off, system audio level at 67 percent, Windows Update off, OneDrive off, pre-installed applications removed. Actual battery life will vary depending on configuration and maximum capacity will naturally decrease with time and usage.
Editor’s note: Added footnote for Huawei’s battery life after publication.Editor’s note: Changed Huawei’s link to NewEgg after publication.
Updated December 5, 2018 1:11 pm

For Trade – 27 IMac 2009 for a Mac mini

Putting this up on the off chance someone is interested in a trade. After getting a working from home setup installed I don’t really have room for my iMac anymore, and would much prefer a Mac mini to connect up to my work monitors as an alternative to using my work laptop.

The iMac is in good condition, with a wireless keyboard (I missed the number pad so swapped away from the older apple keyboard ages ago) and the apple mouse that came with it (not shown in the pic).

I swapped out the HDD a while ago to a 240gb ssd, which has been great. It’s had very light use and is a great machine but the mini would suit me a lot better now. Don’t have boxes and wouldn’t risk posting so really looking for an in person swap.

Price and currency: 350
Delivery: Goods must be exchanged in person
Payment method: Trade only
Location: Bangor/N.Ireland
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Go to Original Article
Author:

Ponemon study shows data valuation discrepancies in enterprises

Security and IT may play a larger role in prioritizing confidential and proprietary information assets than many organizations realize, especially at companies that take an informal approach to data valuation.

Research by the Ponemon Institute released this week looked at the value of information assets and how companies underestimate data breach costs based on miscommunication about what constitutes high value assets. The research, “Understanding the Value of Information Assets,” sponsored by document security vendor DocAuthority, is based on Gartner’s Infonomics Data Valuation Model, which attempts to evaluate data assets in the same way as physical, financial and human capital.

Ponemon surveyed 2,820 professionals in the United States and the United Kingdom, whose roles compromised IT security (530), IT (459), marketing and sales (456), human resources (425), finance and accounting (351), legal (336), and product and manufacturing (263).

Respondents were categorized by job function and then asked to determine the value of proprietary and confidential information per record or per file based on predetermined data types. They were also asked to rate the importance of six elements that contribute to an asset’s total value including its business, cost, economic, market, performance and intrinsic value (correct, complete and exclusive data). The asset’s impact on business performance topped the list.

The highest valued assets, according to Ponemon’s findings, included research and development (R&D) documents, merger and acquisition information, pricing models, codes and scripts as well as financial documents and employee agreements.

Respondents’ data valuations were determined based on a range of factors, including the impact of data reconstruction as well as data leakage to competitors, cybercriminals, the public and even other employees.

Based on respondents’ data valuation (by functional area), researchers estimated that a breach of IT security’s assets would result in the highest cost at $11.14 million on average, followed by product and manufacturing at $10.8 million. Surprisingly, finance and accounting ranked second to last at $7 million, followed by IT at $6.70 million.

Researchers found that the value of information assets generally decreased over time, in part because the latest data, such as R&D for example, was viewed as having more “importance” to an organization’s bottom line. At the same time, IT security professionals valued the cost of reconstructing R&D documents at less than half of the data’s perceived business value, $306, 545 versus $704,619. Similarly, IT security underestimated the costs of the loss of financial and accounting documents, at $131,570 compared to $303, 182 projected by respondents who worked in those job functions.

The Ponemon report also indicated that IT security professionals estimated the loss of monthly salary information for 1,000 employees at higher than HR professionals, $94,148 versus $57,477.

The mismatch in data valuations may lead to misplaced investment in data protections, warned Ponemon researchers. Unstructured data, which makes up the majority of data at many organizations, is harder to inventory, classify and control.

Response to a data breach is another area in which professionals had different outlooks based on their job functions. According to the report, respondents in legal roles indicated the highest confidence in the organization’s preparation for a data security breach at 41%, while IT and product and manufacturing had the least confidence at 25%. IT security was slightly higher at 29%.

Go to Original Article
Author:

For Trade – 27 IMac 2009 for a Mac mini

Putting this up on the off chance someone is interested in a trade. After getting a working from home setup installed I don’t really have room for my iMac anymore, and would much prefer a Mac mini to connect up to my work monitors as an alternative to using my work laptop.

The iMac is in good condition, with a wireless keyboard (I missed the number pad so swapped away from the older apple keyboard ages ago) and the apple mouse that came with it (not shown in the pic).

I swapped out the HDD a while ago to a 240gb ssd, which has been great. It’s had very light use and is a great machine but the mini would suit me a lot better now. Don’t have boxes and wouldn’t risk posting so really looking for an in person swap.

Price and currency: 350
Delivery: Goods must be exchanged in person
Payment method: Trade only
Location: Bangor/N.Ireland
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Go to Original Article
Author: