Category Archives: Stiri IT Externe

Kubuntu Focus Laptop is Now Ready for Pre-Order » Linux Magazine

The Kubuntu Focus is a new Linux laptop effort set to marry the Kubuntu Linux distro and a laptop aimed specifically for gamers, power users, developers, video editors, and anyone who seeks performance and seamless Linux compatibility.

And now, this brand new laptop is ready for pre-order.

The laptop was born from a collaboration between Kubuntu, Tuxedo Computers, and MindShareManagement Inc. The Focus will not only highlight the KDE desktop environment, it will be the first officially recognized laptop created specifically for the Kubuntu Linux distribution.

But before you visit the site for pre-order, understand this is a premium piece of hardware with a premium price tag. The hardware specs alone should clue you in on the price. The base model includes:

  • Display – Full HD 16.1-inch matte 1080p IPS 144Hz.
  • CPU – 6-core/12-threads Intel Core i7-9750H processor with 4.5GHz Turbo.
  • GPU – Nvidia GeForce RTX 2060 6GB GDDR6 with PhysX and CUDA graphics card.
  • RAM – 32 GB Dual Channel DDR4 2666 RAM.
  • Storage – 1TB Samsung 970 EVO Plus NVMe SSD.

You can bump the RAM up to 64GB and the GPU to an NVIDIA RTX 2080.

Other noteworthy features include:

  • Backlit keyboard.
  • Kensington lock.
  • NVMe and SSD near-silent operation.
  • Temperature controlled fans.
  • Metal surface chassis and plastic bottom.
  • Dual Mode Bluetooth 5.
  • Optical S/PDIF output.
  • 2-in-1 audio.
  • 6-in-1 card reader.
  • Full disk encryption.

The base unit sells for $2,395.00 USD. A maxed out version will set you back $3,555.00. The units are set to start shipping in February 2020. For more details (as well as benchmarks), check out the Kubuntu Focus main site.

Source link

2019 in Review: The Biggest Internet Outages of the Year

Any time Internet outages take place, they can be extremely disruptive to global businesses. By preventing users from reaching critical applications and services, outages can cause major revenue and reputation damage. While application delivery is dependent on many Internet Service Providers (ISPs), it also increasingly relies on a large and complex ecosystem of Internet-facing services — such CDN, DNS, DDoS mitigation, and public cloud. These services work together to provide exceptional digital experiences to users and even brief disruptions can have a significant impact.

At the same time, enterprises are increasingly relying on Internet transport to connect their sites and reach business critical applications and services. Gone are the days in which applications are solely hosted in private data centers and office locations and are connected primarily by MPLS circuits. The Internet is replacing or supplementing services like MPLS as enterprises embrace SD-WAN technologies. As a result, the Internet is now effectively the enterprise backbone, which as a “best effort” transport can have significant yet unforeseen consequences for businesses.

Over the last year, several large-scale outages had ripple effects across the global Internet, impacting enterprises and consumers alike. We compiled a list of the most significant of these outages took place over the summer and disrupted nearly every top tech company in some fashion. Here are the year’s most disruptive outages, in chronological order, and what can be learned from them:

May 13, 2019 — China Telecom Outage Reveals Its Global Reach

While not the most disruptive outage of 2019, a global and fairly long-lasting outage in China Telecom’s network proved to be a harbinger of incidents to come, while also revealing a lesson in how China Telecom’s reach extends far beyond mainland China.

For nearly five hours on May 13, 2019, China Telecom experience substantial packet loss across its backbone, primarily impacting network infrastructure in mainland China, but also affecting China Telecom’s network in Singapore and multiple points in the U.S., including Los Angeles. Over one hundred services were disrupted around the world. And though not exclusively impacting western sites and services, many users of major U.S. brands such as Apple, Amazon, Microsoft, Slack, Workday, SAP, experienced disruptions over the course of the outage window.

This incident illustrated some important realities about China and its impact on the global Internet that many folks aren’t aware of. Specifically, it highlighted that many of the censorship policies that apply to Chinese Internet users may actually be implemented far beyond China’s borders and in countries that have very different attitudes and policies related to Internet use.

June 2, 2019 — “Summer of Outages” Begins with Google Cloud

On June 2, 2019, Google Cloud Platform experienced a significant network outage that impacted services hosted in parts of us-west, us-east and us-central regions. This outage impacted Google’s own applications, including GSuite and YouTube. The outage lasted more than four hours, which becomes notable given the criticality of its service to business customers. Google issued an official report on the incident several days later. ThousandEyes vantage points were able to see the outage as it unfolded in real time, effectively revealing its characteristics and scale ahead of more detailed information becoming publicly available.

Beginning at approximately 9AM ET, we observed 100% packet loss from global monitors attempting to connect to a service hosted in GCP us-west2-a. Similar losses were seen for sites hosted in several portions of GCP US East, including us-east4-c.

The complete unavailability of parts of Google’s network turned out to be due to Google’s network control plane inadvertently getting taken offline. Google later revealed that during the outage period, a set of automated policies determined which services were or were not reachable through the unaffected parts of its network.

One of the most important takeaways from cloud outages is that it’s vitally important to ensure any cloud architecture has sufficient resiliency measures, whether on a multi-region basis or even multi-cloud basis, to protect from future recurrence of outages. It’s reasonable to expect that IT infrastructure and services will sometimes have outages, even in the cloud.

June 6 — An Unfortunate Series of Events Takes Down WhatsApp for Many Users

On June 6, 2019, a large number of users around the globe attempting to access the WhatsApp service experienced connectivity issues. we were able to immediately see that 100% packet loss was preventing the service’s reachability. Upon further analysis, we determined the root cause of this packet loss was a massive route leak that steered traffic to China Telecom — a service provider that does not forward any Facebook-related traffic.

Sound convoluted? Let’s recap.

The incident was triggered when a Swiss colocation company called Safe Host announced to the Internet that the best way to reach WhatsApp and thousands of IP prefixes was through its network, AS 21217. When Safe Host advertised these routes, they were accepted by China Telecom and further propagated through other ISPs such as Cogent. Users whose traffic was routed to Cogent and ultimately handed off to China Telecom would have been completely unable to reach the service.

It’s unclear why China Telecom would accept routes to a service that it censors, but what is clear is the lesson of this outage. BGP route leaks are not uncommon on the Internet. For anyone who relies on the Internet, an ecosystem that is deeply interconnected and vulnerable, they must understand how it works and expect that a glitch in one service provider can have cascading effects on another. The unfortunate reality is that business risks associated with BGP route leaks and other Internet flaws are greater given the modern enterprise and service delivery landscape.

June 24 — Cloudflare Users Fall Victim to Routing Mishap

Just a couple of weeks after the massive route leak that impacted WhatsApp users, the Internet experienced yet another route-related incident, this one far more damaging.

On June 24, 2019, for nearly two hours, a significant BGP routing error impacted users trying to access services fronted by CDN provider Cloudflare, including gaming platforms Discord and Nintendo Life. Our analysis found that a significant BGP route leak affected a variety of prefixes from multiple providers. DQE, a transit provider, was the original source of the route leak, which was propagated through Allegheny Technologies, a customer of both DQE and Verizon. Unfortunately, Verizon further propagated the route leak, magnifying the impact.

Sites served through the CloudFlare CDN were impacted for nearly two hours. This major Internet disruption affected about 15% of Cloudflare’s global traffic and impacted services like Discord, Facebook and Reddit. The route leak also affected access to some AWS services.

The root cause of the incident was eventually traced to DQE’s use of a BGP optimizer software that created routes to Cloudflare services that were only meant to be used within DQE’s internal network. When these routes were accidentally leaked to one of its customers, mayhem ensued.

This incident was yet another reminder of how incredibly easy it is to dramatically alter the Internet service delivery landscape. In a cloud-centric world, enterprises must have visibility into the Internet if they’re going to be successful in delivering services to their users.

July 4 — Apple Services Impacted on Fourth of July

On July 4, 2019, just before 9AM PT, users connecting to Apple’s website and some of its services, such as Apple Pay, began experiencing significant packet loss for a period of over 90 minutes. This issue prevented many users from successfully connecting to Apple. Our route visibility demonstrated that the packet loss was caused by a BGP route flap. A BGP route flap is caused when a routing announcement is made and withdrawn in quick succession, often repeatedly.

While Apple services are certainly important for many Internet users, the fact that the incident occurred early on a holiday seems to have prevented the incident from sparking more than a few user complaints. The lesson from this incident is that outages don’t happen in a vacuum. Sometimes even significant outages may go unnoticed (or conversely create significant uproar) simply based on their timing and context.

September 6 — DDoS Attackers Target the Internet’s Knowledge Base

On September 6, 2019, access to Wikipedia sites from around the world was disrupted for close to nine hours, the result of a massive and sustained Distributed Denial of Service (DDoS) attack. DDoS attacks can overwhelm their target’s web infrastructure and also create congestion within service provider networks that can lead to packet loss. These effects are exactly what we observed when Wikipedia came under attack.

During the course of the incident, we saw a significant drop in HTTP server availability from around the world, as well as a dramatic increase in HTTP response times. As a result, users across many regions were unable to establish an Internet connection for ongoing communication with Wikipedia servers. we also measured packet loss of up to 60% from our global vantage points, a condition that would have further prevented access to Wikipedia sites.

While DDoS events are an unfortunate reality of operating on the Internet, organizations should have visibility into the scope, impact and behavior of these events and be able to validate that DDoS mitigation steps are effective.

Source link

Ryzen CPUs On Linux Finally See CCD Temperatures, Current + Voltage Reporting

AMD --

One of the few frustrations with the AMD Ryzen CPU support on Linux to date has been besides the often delayed support for CPU temperature reporting has been the mainline kernel not supporting voltage readings and other extra sensors. But that is finally changing with the “k10temp” driver being extended to include current and voltage reporting plus CCD temperature reporting on Zen 2 processors.

There has been the out-of-tree Zenpower driver and other efforts to provide this information on Linux but hasn’t been officially backed by AMD and not mainlined in the kernel, thus greatly reducing the exposure to potential users. But now the k10temp driver is finally being extended to include these extra information outputs.

Linux HWMON maintainer Guenter Roeck has been working on these driver improvements to k10temp. Besides some code improvements, the new patches support reporting Core Complex Die (CCD) temperatures on Zen 2 processors. Additionally, for Ryzen CPUs (Zen 1 included) are core/SoC current and voltage information.

With this for current Ryzen 3000 series processors the patched k10temp Linux driver should expose Vcore, VSoc, Tdie, Tctl, Tccd1, Tccd2, Icore, and Isoc outputs.

Guenter posted these patches to the kernel mailing list. He’s looking for more testing on these k10temp improvements before he will queue them up for mainline kernel inclusion… Thus if you are hoping to see this work for the upcoming Linux 5.6 cycle, you better start doing some testing on AMD CPUs ASAP and pass along your findings (and, yes, I’ll be joining in on this testing party). Regardless of whether it happens for Linux 5.6 or takes another cycle, at least these driver improvements are now happening and hopefully moving forward AMD engineers will be able to make more proactive contributions.

Intel’s Mitigation For CVE-2019-14615 Graphics Vulnerability Obliterates Gen7 iGPU Performance

Yesterday we noted that the Linux kernel picked up a patch mitigating an Intel Gen9 graphics vulnerability. It didn’t sound too bad at first but then seeing Ivy Bridge Gen7 and Haswell Gen7.5 graphics are also affected raised eyebrows especially with that requiring a much larger mitigation. Now in testing the performance impact, the current mitigation patches completely wreck the performance of Ivybridge/Haswell graphics performance.

The vulnerability being discussed and analyzed this week is CVE-2019-14615. This CVE still hasn’t been made public over 24 hours later (though there are the Intel SA-00314 details for this disclosure), but from going through kernel patches and other resources, it certainly caught our interest right away and have been benchmarking it since yesterday evening. The CVE-2019-14615 vulnerability amounts to a new information disclosure issue due to insufficient control flow in certain data structures. Local access is required for exploiting this control flow issue in the hardware, but it’s not yet known/published if say WebGL within web browsers could exploit this issue. This is a hardware issue with all operating systems being affected. Our testing today, of course, is under Linux.

With the Intel Gen9 graphics mitigation it’s resorting to clearing all execution unit (EU) state at each context switch. That patch was merged to mainline right away and quickly backported to the stable series seeing new point releases. All is fairly well there (including minimal performance impact, as to be shown in this article) but with the Gen7/Gen7.5 mitigation is where the situation becomes quite messy.

The Gen7 graphics mitigation is much larger across two patches and relies upon a custom EU kernel being called prior to every context restore for clearing EU and URB resources. (Gen8 Broadwell graphics is already protected from a prior workaround.) With these patches for Gen7 graphics generation not being merged to mainline and the patch noting that “more analysis is performance on the performance implications,” we expected the graphics performance to take a hit but we didn’t expect it to be as dramatic as what we’re seeing!

First of all, for the very common Gen9 graphics that is basically found on all current Intel PCs besides Gen11 Icelake, the performance hit is indeed minimal… In just some Java 2D micro-benchmarks of its OpenGL pipeline were there any measurable hits to the performance. The Gen9 performance overall had no real impact from its clearing of EU state between context switches. The Gen9 graphics testing was done on an Intel Core i9 9900KS system and using Linux 5.5 Git from yesterday/today during which the mitigation was applied. So that’s all dandy, but when it comes to Gen7 graphics is where there is a major problem:

With this Haswell Core i7 4790K benchmarking, the Java text rendering performance saw its performance even drop like crazy — not to mention the huge hits to various OpenGL games. Granted, not many games run nicely going back to Haswell/Ivybridge era. But the open-source continuation of Enemy Territory saw its frame-rate more than halved with its mitigation. With all of the other games tested were very sizable hits to the frame-rates.

When taking the geometric mean of the i7-4790K, the mitigated results for this new vulnerability saw the HD Graphics 4600 performance drop down to 58% the performance prior to mitigating this single vulnerability.

But this is just the teaser data, continue on for more details on not only the Core i7 4790K but also having re-tested the Core i7 3770K after being shocked at the CVE-2019-14615 mitigation hit for Gen7.

A Slew Of ACO Optimizations For The Radeon Vulkan Driver Landed In Mesa 20.0


The Valve-backed ACO compiler back-end that is optionally used by the RADV Radeon Vulkan driver has continued growing in popularity with Linux gamers and also has continued maturing a lot for Mesa 20.0 that is due out later this quarter.

On top of the work that has merged already for ACO since its original mainlining in Mesa 19.3, optimizations and fixes are aplenty for ACO with RADV come Mesa 20.0.

Merged yesterday were instruction combining improvements for ACO that can particularly benefit Navi/GFX10 but also older generations. With the combining work, the number of instructions used when compiling shaders for popular games dropped by about 2.4%.

Separately merged were patches that have been around for about two months on uniform boolean optimizations. This helps a very tiny bit in the slightly smaller code size.

This and other ACO work will make for fun Mesa 20.0 testing shortly. Mesa 20.0 should be hitting its release candidate / feature freeze around the end of January and ideally releasing as stable about one month later, pending any blocker bugs pushing back the release for any significant amount of time.