Meltdown/Spectre patches for E2E Networks Cloud & Dedicated servers

January 11, 2018

What are Meltdown and Spectre?

Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain the information from the accessed memory location. For a more technical discussion, we refer to the papers (Meltdown and Spectre).

Several microarchitectural (hardware) implementation issues affecting many modern microprocessors have surfaced recently. As explained in Red Hat's security advisory, fixing these requires "updates to the Linux kernel, virtualization-related components, and/or in combination with a microcode update. An unprivileged attacker can use these flaws to bypass conventional memory security restrictions in order to gain read access to privileged memory that would otherwise be inaccessible. There are 3 known CVEs related to this issue in combination with Intel, AMD, and ARM architectures. All three rely upon the fact that modern high performance microprocessors implement both speculative execution, and utilize VIPT (Virtually Indexed, Physically Tagged) level 1 data caches that may become allocated with data in the kernel virtual address space during such speculation."

Overview

  • CVE-2017-5753 (variant #1/Spectre) is a Bounds-checking exploit during branching. This issue is fixed with a kernel patch. Variant #1 protection is always enabled; it is not possible to disable the patches. Red Hat’s performance testing for variant #1 did not show any measurable impact.
  • CVE-2017-5715 (variant #2/Spectre) is an indirect branching poisoning attack that can lead to data leakage. This attack allows for a virtualized guest to read memory from the host system. This issue is corrected with microcode, along with kernel and virtualization updates to both guest and host virtualization software. This vulnerability requires both updated microcode and kernel patches. Variant #2 behavior is controlled by the ibrs and ibpb tunables (noibrs/ibrs_enabled and noibpb/ibpb_enabled), which work in conjunction with the microcode.
  • CVE-2017-5754 (variant #3/Meltdown) is an exploit that uses speculative cache loading to allow a local attacker to be able to read the contents of memory. This issue is corrected with kernel patches. Variant #3 behavior is controlled by the pti tunable (nopti/pti_enabled).
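A way to check the variant #2 and variant #3 tunables named above on a patched CentOS/RHEL kernel, as an added example that is not part of the original advisory. It assumes the Red Hat kernels expose pti_enabled, ibrs_enabled and ibpb_enabled as files under /sys/kernel/debug/x86 (debugfs mounted, run as root); the function names and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Report the state of the Red Hat tunables for variant #2 and variant #3.
# Assumption: the patched kernel exposes them under debugfs, by default
# /sys/kernel/debug/x86, and the caller is root.

# tunable_state DIR NAME -> prints enabled, disabled, missing or unknown
tunable_state() {
    file="$1/$2"
    if [ ! -r "$file" ]; then
        echo "missing"   # unpatched kernel, debugfs not mounted, or not root
        return 0
    fi
    value=$(tr -d '[:space:]' < "$file")
    case "$value" in
        0)      echo "disabled" ;;
        [1-9]*) echo "enabled" ;;    # any non-zero mode counts as enabled
        *)      echo "unknown" ;;
    esac
}

# mitigation_report [DIR] -> one line per tunable; returns non-zero when
# any of the three is not enabled.
mitigation_report() {
    dir="${1:-/sys/kernel/debug/x86}"
    rc=0
    for pair in "pti_enabled:CVE-2017-5754" \
                "ibrs_enabled:CVE-2017-5715" \
                "ibpb_enabled:CVE-2017-5715"; do
        name=${pair%%:*}
        cve=${pair#*:}
        state=$(tunable_state "$dir" "$name")
        printf '%-13s %-14s %s\n' "$name" "$cve" "$state"
        [ "$state" = "enabled" ] || rc=1
    done
    return $rc
}

# Demo on constructed sample values (not captured output): PTI on, while the
# two variant #2 tunables that depend on microcode are off.
sample=$(mktemp -d)
printf '1\n' > "$sample/pti_enabled"
printf '0\n' > "$sample/ibrs_enabled"
printf '0\n' > "$sample/ibpb_enabled"
mitigation_report "$sample" || echo "=> at least one mitigation is not enabled"
rm -rf "$sample"
```

On a real host, call mitigation_report with no argument after rebooting into the updated kernel.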

Patching instructions for Customers using E2E Cloud or VIRTUAL MACHINES -

Current status: E2E Cloud Infrastructure utilizes Xen Paravirtualization for the best possible performance. Virtual machine kernels running in 64-bit PV mode are not directly vulnerable to attack using Meltdown, because 64-bit PV guests already run in a KPTI-like mode.

[CentOS Users] - The currently released patched kernel from Red Hat causes the virtual machines to not boot on Xen PV. This has been separately confirmed by people in the AWS and Citrix communities -

https://forums.aws.amazon.com/thread.jspa?messageID=823179
https://discussions.citrix.com/topic/392239-new-centos-6-kernel-fails-to-boot-on-xenserver-65/

We are awaiting revised kernel packages from Red Hat which will be suitable for use by our cloud customers. We will send out an update when they become available. For now, please continue with the older stable non-patched kernel in your CentOS virtual machines.

[Ubuntu and Debian Users] Please follow the same instructions as provided for users of dedicated machines below:-

Patching instructions for Customers using DEDICATED MACHINES -

The following sections give information pertaining to available updates for CentOS, Ubuntu and Debian distributions.

Update all affected packages. Update your kernel and reboot into the same. You may ignore qemu-kvm and libvirt packages unless you are using virtualization packages.

For more information on optionally disabling the fixes while using the new kernels, see the Red Hat article in the Notes section at the end.

Fix on CentOS

[Note] If you are a CentOS user using cloud/virtual machines, _do not_ proceed with the kernel upgrades. Please see patching instructions for CentOS virtual machines in the previous section of this document.

   $ sudo yum update kernel microcode_ctl linux-firmware qemu-kvm libvirt

Edit /boot/grub/grub.conf on CentOS 6 such that default=0 is set, signifying that the latest kernel (mentioned at the top of the list of boot entries) should be booted.

On CentOS 6, the first 8 uncommented lines of grub.conf should look like this -

   default=0
   timeout=5
   splashimage=(hd0,0)/grub/splash.xpm.gz
   hiddenmenu
   title CentOS (2.6.32-696.18.7.el6.x86_64)
       root (hd0,0)
       kernel /vmlinuz-2.6.32-696.18.7.el6.x86_64 ro root=/dev/mapper/storage-root rd_NO_LUKS LANG=en_US.UTF-8 rd_MD_UUID=85d9e5f1:57836183:aebaae46:2601caca SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=storage/root KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
       initrd /initramfs-2.6.32-696.18.7.el6.x86_64.img

On CentOS 7, verify /boot/grub2/grub.cfg -

   $ grep -A1 "BEGIN /etc/grub.d/10_linux" /boot/grub2/grub.cfg
   ### BEGIN /etc/grub.d/10_linux ###
   menuentry 'CentOS Linux (3.10.0-693.11.6.el7.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-693.el7.x86_64-advanced-93c83fb8-fd60-445a-8f0b-3be17d41146b' {

Boot into the new kernel: For CentOS dedicated machines, use the “reboot” command.

Fixed packages for CentOS

Fix on Ubuntu

Current patch will only address CVE-2017-5754 (aka Meltdown or Variant 3) for x86_64. A fix for “Spectre” variants will be available soon. Ubuntu 17.04 will not receive any fix.

   $ sudo apt-get update

[ for Ubuntu 16.04 ]

   $ sudo apt-get install linux-generic

[ for Ubuntu 14.04 ]

   $ sudo apt-get install linux-image-4.4.0-108-generic

Edit /boot/grub/menu.lst such that default=0 is set, signifying that the latest kernel (mentioned at the top of the list of boot entries) should be booted. The first 8 uncommented lines of menu.lst should look like this -

   default=0
   timeout=10
   title vmlinuz-4.4.0-108-generic
       root (hd0,0)
       kernel /boot/vmlinuz-4.4.0-108-generic root=/dev/xvda console=hvc0 ro
       initrd /boot/initrd.img-4.4.0-108-generic

Boot into the new kernel: For Ubuntu cloud/virtual machines, use the reboot button on the cloud console and for dedicated machines, use the “reboot” command.
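The default=0 step for /boot/grub/grub.conf (CentOS 6) and /boot/grub/menu.lst (Ubuntu) can be checked before rebooting; this added example, which is not part of the original advisory, resolves which kernel the default entry of a legacy GRUB config will boot. The function names are hypothetical and the sample config is constructed, with a placeholder version string for the older kernel.

```shell
#!/bin/sh
# default_boot_kernel FILE -> prints the kernel version of the entry selected
# by `default=N` in a legacy GRUB config (grub.conf / menu.lst).
# Exits non-zero when N is not a number or points past the last entry.
default_boot_kernel() {
    awk '
        BEGIN { def = 0; n = 0 }
        /^[ \t]*#/ { next }                          # commented lines do not count
        /^[ \t]*default[ \t=]/ {
            v = $0; sub(/^[ \t]*default[ \t=]+/, "", v); sub(/[ \t]+$/, "", v)
            if (v !~ /^[0-9]+$/) { bad = 1; exit }   # e.g. "default saved"
            def = v + 0; next
        }
        /^[ \t]*title[ \t]/ { n++; next }            # entries are numbered from 0
        /^[ \t]*kernel[ \t]/ && n > 0 {
            k = $2; sub(/^.*vmlinuz-/, "", k); kern[n - 1] = k
        }
        END { if (bad || !(def in kern)) exit 1; print kern[def] }
    ' "$1"
}

# reboot_pending FILE [RUNNING] -> exit 0 when the running kernel differs from
# the one GRUB will boot next. RUNNING defaults to `uname -r`.
reboot_pending() {
    next_kernel=$(default_boot_kernel "$1") || return 2
    [ "${2:-$(uname -r)}" != "$next_kernel" ]
}

# write_sample_grub_conf FILE N -> constructed two-entry grub.conf with default=N.
# The first entry is the fixed CentOS 6 kernel named in this document; the
# second version string is a placeholder for an older kernel, not a real release.
write_sample_grub_conf() {
    cat > "$1" <<EOF
# grub.conf (constructed sample)
#default=5
default=$2
timeout=5
hiddenmenu
title CentOS (2.6.32-696.18.7.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-696.18.7.el6.x86_64 ro root=/dev/mapper/storage-root
        initrd /initramfs-2.6.32-696.18.7.el6.x86_64.img
title CentOS (2.6.32-OLDER.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-OLDER.el6.x86_64 ro root=/dev/mapper/storage-root
        initrd /initramfs-2.6.32-OLDER.el6.x86_64.img
EOF
}

# Demo: default=1 silently keeps booting the unpatched entry.
conf=$(mktemp)
write_sample_grub_conf "$conf" 1
echo "default=1 boots: $(default_boot_kernel "$conf")"
write_sample_grub_conf "$conf" 0
echo "default=0 boots: $(default_boot_kernel "$conf")"
rm -f "$conf"
```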

Fixed packages for Ubuntu

Package | Version | Series
linux | 4.4.0-108.131 | Xenial 16.04
linux | 4.13.0-25.29 | Artful 17.10
linux-aws | 4.4.0-1047.56 | Xenial 16.04
linux-aws | 4.4.0-1009.9 | Trusty 14.04
linux-azure | 4.13.0-1005.7 | Xenial 16.04
linux-euclid | 4.4.0-9021.22 | Xenial 16.04
linux-gcp | 4.13.0-1006.9 | Xenial 16.04
linux-hwe-edge | 4.13.0-25.29~16.04.1 | Xenial 16.04
linux-kvm | 4.4.0-1015.20 | Xenial 16.04
linux-lts-xenial | 4.4.0-108.131~14.04.1 | Trusty 14.04
linux-oem | 4.13.0-1015.16 | Xenial 16.04

Fix on Debian

CVE-2017-5754 (aka Meltdown or Variant 3) is fixed. "Spectre" mitigations are a work in progress.

   $ sudo apt-get update
   $ sudo apt-get install linux-image-amd64

This will install the updated kernel release package linux-image-3.16.0-5-amd64 on Debian 8 and linux-image-4.9.0-5-amd64 on Debian 9.

Boot into the new kernel: For Ubuntu cloud/virtual machines, use the reboot button on the cloud console and for dedicated machines, use the “reboot” command. With the new kernel version, you should see 3.16.51-3+deb8u1 for Debian 8 Jessie and 4.9.65-3+deb9u2 for Debian 9 -

   # uname -srv
   Linux 3.16.0-5-amd64 #1 SMP Debian 3.16.51-3+deb8u1 (2018-01-08)

   # uname -srv
   Linux 4.9.0-5-amd64 #1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04)

Vulnerable and fixed packages for Debian

Source Package | Release | Version | Status
linux (PTS) | wheezy | 3.2.78-1 | vulnerable
linux (PTS) | wheezy (security) | 3.2.96-3 | fixed
linux (PTS) | jessie | 3.16.51-2 | vulnerable
linux (PTS) | jessie (security) | 3.16.51-3+deb8u1 | fixed
linux (PTS) | stretch | 4.9.65-3 | vulnerable
linux (PTS) | stretch (security) | 4.9.65-3+deb9u2 | fixed
linux (PTS) | buster | 4.14.7-1 | vulnerable
linux (PTS) | sid | 4.14.12-2 | fixed

The information below is based on the following data on fixed versions.

Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs
linux | source | (unstable) | 4.14.12-1 | medium | |
linux | source | jessie | 3.16.51-3+deb8u1 | medium | DSA-4082-1 |
linux | source | stretch | 4.9.65-3+deb9u2 | medium | DSA-4078-1 |
linux | source | wheezy | 3.2.96-3 | medium | DLA-1232-1 |

Fix on Windows

Windows Server-based machines (physical or virtual) should get the Windows security updates that were released on January 3, 2018, and are available from Windows Update. The following updates are available:

Operating system version | Update KB
Windows Server, version 1709 (Server Core Installation) | 4056892
Windows Server 2016 | 4056890
Windows Server 2012 R2 | 4056898
Windows Server 2012 | Not available
Windows Server 2008 R2 | 4056897
Windows Server 2008 | Not available

Use these registry keys to enable the mitigations on the server and make sure that the system is restarted for the changes to take effect:

To enable the fix

   reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f

   reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

   reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f

If this is a Hyper-V host and the firmware updates have been applied: fully shut down all Virtual Machines (to enable the firmware related mitigation for VMs you have to have the firmware update applied on the host before the VM starts).

Restart the server for changes to take effect.

To disable this fix

   reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f

   reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

Restart the server for the changes to take effect. (There is no need to change MinVmVersionForCpuBasedMitigations.)

Note: For Hyper-V hosts, live migration between patched and unpatched hosts may fail. See https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/CVE-2017-5715-and-hyper-v-vms for more information.

Verifying that protections are enabled

To help customers verify that protections have been enabled, Microsoft has published a PowerShell script that customers can run on their systems. Install and run the script by running the following commands:

PowerShell Verification using the PowerShell Gallery (Windows Server 2016 or WMF 5.0/5.1)

   Install the PowerShell Module

   PS> Install-Module SpeculationControl

   Run the PowerShell module to validate the protections are enabled

   PS> # Save the current execution policy so it can be reset

   PS> $SaveExecutionPolicy = Get-ExecutionPolicy

   PS> Set-ExecutionPolicy RemoteSigned -Scope Currentuser

   PS> Import-Module SpeculationControl

   PS> Get-SpeculationControlSettings

   PS> # Reset the execution policy to the original state

   PS> Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser

PowerShell Verification using a download from Technet (Earlier OS versions/Earlier WMF versions)

   Install the PowerShell Module from Technet ScriptCenter.

   Go to https://aka.ms/SpeculationControlPS

   Download SpeculationControl.zip to a local folder. Extract the contents to a local folder, for example C:\ADV180002

   Run the PowerShell module to validate the protections are enabled

   Start PowerShell, then (using the example above), copy and run the following commands:

   PS> # Save the current execution policy so it can be reset

   PS> $SaveExecutionPolicy = Get-ExecutionPolicy

   PS> Set-ExecutionPolicy RemoteSigned -Scope Currentuser

   PS> CD C:\ADV180002\SpeculationControl

   PS> Import-Module .\SpeculationControl.psd1

   PS> Get-SpeculationControlSettings

   PS> # Reset the execution policy to the original state

   PS> Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser

The output of this PowerShell script will resemble the following. Enabled protections appear in the output as “True.”

PS C:\> Get-SpeculationControlSettings

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: True

Windows OS support for branch target injection mitigation is present: True

Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True

Windows OS support for kernel VA shadow is present: True

Windows OS support for kernel VA shadow is enabled: True

Windows OS support for PCID optimization is enabled: True

Notes and References

Performance impact (Linux): Speculative execution is a performance optimization technique. Thus, these updates (both kernel and microcode) may result in workload-specific performance degradation. Therefore, some customers who feel confident that their systems are well protected by other means (such as physical isolation), may wish to disable some or all of these kernel patches. If the end user elects to enable the patches in the interest of security, this article provides a mechanism to conduct performance characterizations with and without the fixes enabled.

Controlling the Performance Impact of Microcode and Security Patches for CVE-2017-5754 CVE-2017-5715 and CVE-2017-575

https://meltdownattack.com/
