Tag Archives: ubuntu

GCC 9 Compiler Tuning Benchmarks On Intel Skylake AVX-512

Recently I carried out a number of GCC 9 compiler benchmarks on AMD EPYC looking at the performance benefits of “znver1” compiler tuning and varying optimization levels to see when this level of compiler tuning pays off. There was interest from that in seeing some fresh Intel Skylake-X / AVX-512 figures, so here are those benchmarks of GCC 9 with various tuning options and their impact on the performance of the generated binaries.

This round of testing was done with an Intel Core i9 7980XE as the most powerful AVX-512 HEDT CPU I have available for testing. The Core i9 7980XE was running Ubuntu 18.10 with the Linux 4.18 kernel and I had manually built the GCC 9.0.1 2019-02-17 compiler snapshot (the most recent at the time of testing) in its release/optimized form.

The CFLAGS/CXXFLAGS used for this GCC 9 compiler tuning benchmarks were:




-O2 -march=skylake-avx512


-O3 -march=x86-64

-O3 -march=skylake

-O3 -march=skylake-avx512

-O3 -march=skylake-avx512 -flto

-Ofast -march=skylake-avx512

This offers a look from no GNU Compiler Collection optimizations through all the standard optimizations, looking at Skylake vs. Skylake-AVX512 tuning, the benefits of link-time optimization on this new compiler, and also being aggressive with performance but at potentially unsafe math via the “-Ofast” level.

71 benchmarks were run at each of these optimization levels on the Intel i9-7980XE system. All of these compiler benchmarks were facilitated in a fully-automated and reproducible manner using the open-source Phoronix Test Suite benchmarking software.

27 CPUs Benchmarked With AOM AV1, Intel SVT VP9/AV1/HEVC Video Encoders


With there being a lot of interest from when Intel recently open-sourced their SVT-AV1 video encoder and more recently their VP9 video encoder also under the “Scalable Video Technologies” umbrella, here are benchmarks from 27 different systems showing off their performance. Plus for kicks there are also some other CPU-based video encode benchmarks including AOM-AV1 and others.

As a lot of Phoronix readers were interested in the earlier SVT-AV1 benchmarks with how Intel is already making strides on their CPU-based video encoders, here are even more benchmarks using 27 different systems in the benchmark farm.

It’s quite a diverse mix of systems tested:

On 27 very different Intel and AMD systems I ran a variety of benchmarks for your viewing pleasure to kick off the new week. The common factor of the 27 systems was using the same Ubuntu 18.10 installation but beyond that they were new and old hardware, HEDTs to low-end.

None of the tested systems could hit more than 1FPS for AOM-AV1 video encoding with the encoder in its present state.

With the Intel SVT-AV1 video encoder, meanwhile, the best systems of today were achieving up to 9 FPS…

While the SVT-HEVC encoder for H.265 content was achieving close to 300 FPS. The SVT video encoders really crave lots of RAM, so on older systems with limited amounts of system memory, the performance appears to be worse off than the reference encoders.

The SVT-VP9 encoder also performs quite well on the various Intel and AMD CPUs benchmarked. The AVX-512 capable CPUs really shine with this Intel open-source video encoder really being well optimized there.

The SVT-VP9 performance is much better than libvpx’s vpxenc for CPU-based VP9 video encoding.

I ran some x264 tests while I was at it in the benchmark farm…

Enjoy the numbers as you wish, it will certainly be an interesting ride particularly for how well Intel’s SVT HEVC/VP9/AV1 video encoders evolve in the weeks/months ahead as being open-source already they have proven to be quite aggressive compared to the various reference encoders.

ASRock Rack EPYCD8-2T Makes For A Great Linux/BSD EPYC Workstation – 7-Way OS AMD 7351P Benchmarks

If you are looking to assemble an AMD EPYC workstation, a great ATX motherboard up for the task is the ASRock Rack EPYCD8-2T that accommodates a single EPYC processor, eight SATA 3.0 ports (including SAS HD), dual M.2 PCIe slots, dual 10 Gigabit Ethernet ports,and four PCI Express 3.0 x16 slots all within ATX’s 12 x 9.6-inch footprint. This motherboard has been running well not only with various Linux distributions but also DragonFlyBSD and FreeBSD.

I picked up the ASRock EPYCD8-2T several weeks back and it’s been working out very well as an EPYC 1P board and especially if you are looking more for a desktop/workstation-oriented EPYC build but can work just fine as a server board as well, this board has the common ASpeed AST2500 BMC controller. With the single SP3 socket are eight DDR4 memory slots to keep EPYC happy with its eight DDR4-2666 memory channels compared to four on Threadripper. For plenty of connectivity this motherboard has four PCI Express 3.0 x16 slots as well as three PCI Express 3.0 x8 slots. The PCIe slots and ATX size of the motherboard make this board practical should you be wanting a multi-GPU workstation for some scientific workloads that can also commonly leverage the eight memory channels of EPYC. For storage there are plenty of SATA 3.0 ports as well as two SAS HD headers and also two OCuLink ports for U.2 SSDs.

On the networking side there are dual 10 Gigabit RJ45 connections via Intel X550 controllers and the third RJ45 for the IPMI LAN port. It’s great having dual 10 Gigabit LAN on this board and its other feature set considering this ATX EPYC motherboard retails for just above $500 USD — not out of line with other single-socket EPYC motherboards retailing these days from just under $400 USD to $700 at major Internet retailers.

Rear I/O panel ports include serial, VGA for the ASpeed AST2500 controller, two USB 3.0 ports, and the three RJ45 jacks (dual 10 Gigabit, IPMI LAN). It could have been nice seeing more than two USB3 ports on the rear if you do intend for this board to be more of a workstation-style setup, but is certainly suffice for servers and there’s always USB hubs or utilizing one of the many PCIe slots for an extra adapter.

ASRock Rack officially supports this motherboard for Windows Server 2012/2016 as well as RHEL 6.9 / RHEL/CentOS 7, SUSE Linux Enterprise Server 11, and Ubuntu 16.04. Besides those enterprise Linux targets, the EPYCD8-2T works as well with other Linux distributions especially the many up-to-date Fedora, Ubuntu, Arch, and other releases. These days any Linux distribution released in the past year or two is working fine with AMD EPYC processors. I personally tested this ASRock EPYCD8-2T with Fedora Workstation 29, CentOS 7, Debian 9.8, Clear Linux 27910, and openSUSE Leap 15.0. The experience was pleasant and without any issues to report on the Linux side.

While Linux distributions work well with all the AMD EPYC tests we run at Phoronix, some of the servers/motherboards we have tested have run into various issues with the BSD operating systems. Fortunately, the EPYCD8-2T is also in good shape there: both DragonFlyBSD 5.4.1 and FreeBSD 12.0 booted up, installed, and subsequently run without any problems on this motherboard. It’s great to see all of the major operating systems running nicely on this EPYC ATX board!

B0r0nt0K Ransomware Threatens Linux Servers | Software

By Jack M. Germain

Feb 27, 2019 12:21 PM PT

A new cryptovirus called “B0r0nt0K” has been putting Linux and possibly Windows Web servers at risk of encrypting all of the infected domain’s files.

The new ransomware threat and the ransom of 20 bitcoins (about US$75,000) first
came to light last week, based on a post on Bleeping Computer’s user forum.

A client’s website had all its files encrypted and renamed with the .rontok extension appended to them, the forum user indicated. The website was running on Ubuntu 16.04.

The B0r0nt0K ransom note is not displayed in a text format or in the message itself, based on the report. Instead, the screen display on the infected system links to the ransomware developer’s
website, which delivers details of the encryption and the payment demand. The display includes a personal ID required for logging onto the site.

“The initial compromise vector in this incident is not yet known nor has a sample of the malware been obtained by researchers,” said Kent Blackwell, threat and vulnerability assessment manager at
Schellman & Company.

“Without a sample of the malware or other indicator of compromise, it is likely that most antivirus products — particularly those that rely on static signatures — will fail to prevent this infection,” he told LinuxInsider.

Payment Risky Business

After completing the logon to the ransomware developer’s website, a payment page appears that includes the bitcoin ransom amount, the bitcoin payment address, and the info@botontok.uk email to contact the developers.

The inclusion of contact information on one of the displayed message screens suggests that the developers are willing to negotiate the price, according to
2-Spyware.com. The word “Negotiate?” precedes the email address to reach the ransomware developers.

The ransom note is generated on the screen of a Web browser window. The virus developers encourage infection victims to pay the ransom in three days via the form on their provided website to avoid the permanent deletion of their files.

However, the alleged decryption key might never be delivered to victims who pay the huge ransom amount, 2-Spyware.com warns on its website. The company recommends not paying the ransom since it gives no guarantee.

Hidden Damage

A cryptovirus like B0r0nt0k can disable security tools or other functions to keep running without interruption, warns 2-Spyware.com. The B0r0nt0k ransomware can alter more crucial parts of the computer if left untreated.

The asking price for this ransom is quite high and suggests a potential ulterior motive, according to Mounir Hahad, head of the Juniper Threat Labs at
Juniper Networks.

“Maybe the perpetrator is just testing his approach on a less prominent website before moving on to wealthier targets,” he told LinuxInsider.

It is not yet known how the ransomware was executed on the victim’s Web server, said Blackwell.

“Ransomware needs a way in,” said Josh Tomkiel, threat and vulnerability assessment manager at Schellman & Company.

“While it may not be currently clear how the B0r0nt0K ransomware was able to establish a foothold on the affected Linux servers in question, typically it comes back to server misconfigurations or from running out-of-date versions of software with known remote code execution vulnerabilities,” he told LinuxInsider.

Keep Your Guard Up

A persistent threat lurks with cryptoware, even if you succeed in decrypting your files, Tomkiel warned. Never assume that you are “out of the woods yet.”

A ransomware author easily can add a backdoor into that server for remote access at a later time, so restoring from a backup is really the only solution, he noted.

“Do not assume paying the ransom will allow you to decrypt your data. There is no guarantee that the ransomware author is going to uphold their end of the bargain,” said Tomkiel.

All that appears certain about the B0r0nt0k ransomware is that it is not a novel attack.

So far, the B0r0nt0K ransomware stands out only for to the ransom amount it seeks, Blackwell said.

“There is nothing particularly novel about this specific attack, although it looks not to have been triggered by clicking on an email,” Nathan Wenzler, senior director of cybersecurity at
Moss Adams, told LinuxInsider.

No Backups? Big Trouble

Ransomware attacks like B0r0nt0K prey on organizations that lack preparation. You may be in trouble if you don’t have a recent backup and have fallen victim to B0r0nt0k ransomware, warned Marc Laliberte, senior threat analyst at
WatchGuard Technologies.

“We don’t have a copy of the payload to analyze at this time because B0r0nt0K is so new, but we do know the ransomware uses strong encryption — likely an AES variant, which is the standard for ransomware these days,” he told LinuxInsider.

This means you should not bank on being able to decrypt your files without paying, Laliberte noted — but paying the ransom does not always guarantee you will get your files back.

“The only thing guaranteed by paying is that these threat actors now have more funding and incentive to launch further attacks. This is why having a backup and restoration process is critical for every organization,” he said.

Restoring backups after a ransomware attack is still a time-consuming process, though, which means you also should take steps to prevent the infection in the first place. Applying the latest security patches to your applications and servers is potentially the single most important step you can take to shore up your defenses, but it is not enough, Laliberte cautioned.

“Combating ransomware requires a multilayer defensive approach, including intrusion prevention services to block application exploits, and advanced malware-detection tools that use machine learning and behavioral detection to identify evasive payloads,” he said.

Employee training is critical too, as most traditional ransomware attacks start with a phishing email. Phishing awareness, paired with technical defensive tools, can go a long way toward keeping your organization safe from ransomware like B0r0nt0K, according to Laliberte.

What Else to Do

The most active way to prevent B0r0nt0K from entering your Linux server is to close the SSH (secure shell) and the FTP (file transfer protocol) ports, said Victor Congionti, CEO of
Proven Data.

“These are two of the main approaches … these hackers seem to be targeting to run the encryption scripts. The ransomware seems to use a base64 algorithm which converts characters to bits, which creates an extremely difficult decryption process to regain control,” he told LinuxInsider.

It is also possible that these attacks are being sent in through basic CMS (content management system) vulnerabilities. If users on Linux are utilizing a CMS to manage the content on their website, it is possible that this serves as a vulnerability in the security framework of the system, Congionti noted.

It is becoming more common for cybercriminals to find exposures in these seemingly secure applications, which allows them to make drastic changes to the security and permission settings of the network, he pointed out.

Most websites are deployed using a source version control system that can redeploy a clean version of the website in no time, noted Juniper’s Hahad.

“The only potentially permanent damage is to any content management system database if such a thing is used and is not backed up,” he said.

Don’t Pay – Do This Instead

Victims definitely should not pay the ransom. Instead, Hahad suggests the following:

  • Restore the site from source control or backups;
  • Change all admin passwords;
  • Audit the software stack for known vulnerabilities that could have allowed the attacker in, and patch as appropriate;
  • Audit the site’s configuration for any weak spots;
  • Disable services that are not critical, and close those open ports;
  • Ensure backups are operational; and
  • Conduct a penetration test of the Internet-facing network footprint.

One final suggestion is to assume a breach, said Darin Pendergraft, vice president at
Stealthbits Technologies.

“The best way to be prepared is to assume you will be breached, and then take steps to secure your servers and workstations accordingly,” he told LinuxInsider. “Assume an attacker is in your network and has control of a workstation. Then decide what data or IT resources they will want to steal or encrypt. Then take the extra steps to secure those resources.”

Top priority is to find your sensitive data, Pendergraft said. These include patient data, customer information and financial records. Make sure they are secured and accessible only by approved employees. Monitor those resources for unusual file behavior like bulk copy, delete or file encryption. Ensure you have an emergency plan in place to react within minutes.

“These steps won’t prevent an attack,” he acknowledged, “but they could mean the difference between a security incident and a full-blown breach.”

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software.
Email Jack.

Source link

Linux 5.0 Kernel Performance Is Sliding In The Wrong Direction

With the Linux 5.0 kernel performance approaching the finish line, the past few days I’ve been ramping up my tests of this new kernel in our benchmarking farm. Unfortunately, when looking at the results at a macro level it’s pointing towards Linux 5.0 yielding lower performance than previous kernel releases.

I haven’t spotted any workload yet yielding a catastrophic performance regression on Linux 5.0 compared to 4.20 and earlier, but in a lot of workloads the 5.0 kernel is running faintly slower than 4.20. At first I thought it was isolated to just a particular box or two, but as my testing has increased, it’s happened on a variety of at least x86_64 Intel/AMD hardware tested so far.

For a wide look at the kernel performance I have been running dozens of different benchmarks on each system, with some of the boxes going as far back as Linux 4.12 or the better part of two years ago. I’ve also taken the geometric mean of all tests successfully run on all tested kernel combinations and that’s where it’s clear Linux 5.0 is running slower than previous kernels…

All kernels were from the Ubuntu Mainline Kernel PPA and kept to their stock settings, including for any Spectre/Meltdown/security settings. First up I was testing an Intel Core i9 7960X thanks to its 16 cores / 32 threads for quickly pounding through many different benchmarks.

When looking at the geometric mean across the dozens of tests carried out, Linux 5.0 Git is clearly slower than its predecessors. With this box going back to Linux 4.12, keep in mind between Linux 4.14 and 4.15 is when Spectre/Meltdown came to light and began introducing in-kernel mitigations like PTI and Retpolines. But Linux 5.0 Git is clearly coming in as slower, which has been a similar outcome on other systems tested.