Meltdown/Spectre patches for E2E Networks Cloud & Dedicated servers

January 11, 2018

What are Meltdown and Spectre?

Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can read memory that belongs to the kernel. Spectre tricks other applications into accessing arbitrary locations in their own memory. Both attacks use cache side channels to obtain the information from the accessed memory location. For a more technical discussion, we refer to the papers (Meltdown and Spectre).

Several microarchitectural (hardware) implementation issues affecting many modern microprocessors have surfaced recently. As explained in Red Hat's security advisory, fixing these requires "updates to the Linux kernel, virtualization-related components, and/or in combination with a microcode update. An unprivileged attacker can use these flaws to bypass conventional memory security restrictions in order to gain read access to privileged memory that would otherwise be inaccessible. There are 3 known CVEs related to this issue in combination with Intel, AMD, and ARM architectures. All three rely upon the fact that modern high performance microprocessors implement both speculative execution, and utilize VIPT (Virtually Indexed, Physically Tagged) level 1 data caches that may become allocated with data in the kernel virtual address space during such speculation."


  • CVE-2017-5753 (variant #1/Spectre) is a bounds-check bypass exploit during branching. This issue is fixed with a kernel patch. Variant #1 protection is always enabled; it is not possible to disable the patches. Red Hat's performance testing for variant #1 did not show any measurable impact.
  • CVE-2017-5715 (variant #2/Spectre) is an indirect branch poisoning attack that can lead to data leakage. This attack allows a virtualized guest to read memory from the host system. This issue is corrected with microcode, along with kernel and virtualization updates to both guest and host virtualization software. This vulnerability requires both updated microcode and kernel patches; the kernel patch alone does not mitigate it. Variant #2 behavior is controlled by the ibrs and ibpb tunables (noibrs/ibrs_enabled and noibpb/ibpb_enabled), which work in conjunction with the microcode and can only be enabled once the CPU's microcode provides the new control registers.
  • CVE-2017-5754 (variant #3/Meltdown) is an exploit that uses speculative cache loading to allow a local attacker to read the contents of kernel memory. This issue is corrected with kernel patches. Variant #3 behavior is controlled by the pti tunable (nopti/pti_enabled).
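The tunables above only exist once the patched kernel is running, and a practitioner wants to read them back rather than trust a package version. The following script is an added example, not code from E2E Networks or Red Hat: it reads whichever status interface the running kernel exposes. The sysfs and debugfs file names are the kernels' own (the /sys/devices/system/cpu/vulnerabilities files of newer kernels, the Red Hat debugfs tunables named above, or the "Kernel/User page tables isolation" boot message of KPTI-only builds); the script name, the ROOT argument and the assumption that the Ubuntu and Debian KPTI backports print that boot message are this example's.

```shell
#!/bin/sh
# Added example: read the kernel's own report of whether the Meltdown/Spectre
# mitigations are active on a Linux host. Not E2E Networks' or Red Hat's tooling;
# it only reads interfaces the kernels themselves expose.
#
# Interfaces, tried in this order (which one exists depends on the kernel build):
#   1. /sys/devices/system/cpu/vulnerabilities/{meltdown,spectre_v1,spectre_v2}
#      (upstream 4.15 and later, plus distribution backports of it)
#   2. /sys/kernel/debug/x86/{pti,ibrs,ibpb}_enabled, the Red Hat tunables listed
#      above (debugfs must be mounted: mount -t debugfs none /sys/kernel/debug)
#   3. the KPTI boot message "Kernel/User page tables isolation: enabled" in dmesg,
#      for KPTI-only kernels (assumed present in the Ubuntu/Debian builds below)
#
# ROOT is a path prefix: / for the live system, /mnt/guest for a mounted image.

# Prints "name: state" for each sysfs vulnerabilities file.
# Returns 0 all mitigated, 1 something still reports Vulnerable, 2 interface absent.
status_from_vulnerabilities() {
    dir="$1/sys/devices/system/cpu/vulnerabilities"
    [ -d "$dir" ] || return 2
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        [ -r "$dir/$name" ] || continue
        val=$(cat "$dir/$name")
        printf '%s: %s\n' "$name" "$val"
        case "$val" in Vulnerable*) rc=1 ;; esac
    done
    return $rc
}

# Same for the Red Hat debugfs tunables. ibrs_enabled stays 0 when the microcode
# update is missing, so a patched kernel on old microcode still reports variant 2 open.
status_from_debugfs() {
    dir="$1/sys/kernel/debug/x86"
    [ -r "$dir/pti_enabled" ] || return 2
    rc=0
    for name in pti ibrs ibpb; do
        [ -r "$dir/${name}_enabled" ] || continue
        val=$(cat "$dir/${name}_enabled")
        printf '%s_enabled: %s\n' "$name" "$val"
        [ "$val" != 0 ] || rc=1
    done
    return $rc
}

# Reads dmesg text on stdin. 0 = KPTI enabled, 1 = disabled (nopti), 2 = no message.
kpti_from_dmesg() {
    line=$(sed -n 's|.*Kernel/User page tables isolation: \(.*\)$|\1|p' | head -n 1)
    case "$line" in
        disabled*) echo "meltdown: KPTI $line"; return 1 ;;
        enabled*)  echo "meltdown: KPTI $line"; return 0 ;;
        *)         echo "meltdown: no KPTI boot message (unpatched kernel, or log rotated)"; return 2 ;;
    esac
}

# mitigation_report ROOT [DMESG_FILE]
# 0 = mitigated, 1 = at least one mitigation missing/disabled, 2 = cannot determine.
mitigation_report() {
    root="$1"; dmesg_file="${2:-}"
    if status_from_vulnerabilities "$root"; then return 0; else rc=$?; fi
    [ "$rc" -eq 2 ] || return "$rc"
    if status_from_debugfs "$root"; then return 0; else rc=$?; fi
    [ "$rc" -eq 2 ] || return "$rc"
    echo "no sysfs/debugfs mitigation interface under '${root:-/}'; checking the boot log"
    if [ -n "$dmesg_file" ]; then
        kpti_from_dmesg < "$dmesg_file"
    else
        dmesg 2>/dev/null | kpti_from_dmesg
    fi
}

# Usage: sh check-mitigations.sh /     (no argument: only define the functions)
[ $# -eq 0 ] || mitigation_report "$@"
```

Run it after the reboot as root (debugfs and dmesg need privileges on most systems). Exit status 1 is the interesting one: the kernel is patched but something is off, typically ibrs_enabled=0 because the microcode_ctl/linux-firmware update did not reach the CPU, or a nopti boot parameter left over from testing.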

Patching instructions for Customers using E2E Cloud or VIRTUAL MACHINES -

Current status: E2E Cloud Infrastructure utilizes Xen Paravirtualization for the best possible performance. Virtual machine kernels running in 64-bit PV mode are not directly vulnerable to attack using Meltdown, because 64-bit PV guests already run in a KPTI-like mode: the hypervisor keeps the guest kernel's mappings out of the page tables used while guest user processes run. (This covers an unprivileged process inside the guest reading the guest kernel's memory; protecting the hypervisor itself is a host-side change that guests cannot make.)

[CentOS Users] - The currently released patched kernel from Red Hat causes virtual machines to not boot on Xen PV. This has been separately confirmed by people in the AWS and Citrix communities. We are awaiting revised kernel packages from Red Hat which will be suitable for use by our cloud customers, and will send out an update when they become available. For now, please continue with the older stable non-patched kernel in your CentOS virtual machines.

[Ubuntu and Debian Users] - Please follow the same instructions as provided for users of dedicated machines below.

Patching instructions for Customers using DEDICATED MACHINES -

The following sections give information pertaining to available updates for CentOS, Ubuntu and Debian distributions. Update all affected packages: update your kernel and reboot into it. You may ignore the qemu-kvm and libvirt packages unless you are using virtualization. For more information on optionally disabling the fixes while using the new kernels, see the Red Hat article in the Notes section at the end.

Fix on CentOS

[Note] If you are a CentOS user using cloud/virtual machines, _do not_ proceed with the kernel upgrades. Please see the patching instructions for CentOS virtual machines in the previous section of this document.

    $ sudo yum update kernel microcode_ctl linux-firmware qemu-kvm libvirt

On CentOS 6, edit /boot/grub/grub.conf such that default=0 is set, signifying that the latest kernel (mentioned at the top of the list of boot entries) should be booted. The first 8 uncommented lines of grub.conf should look like this (the kernel line is a single long line; the root= and rd_* values are those of the example machine):

    default=0
    timeout=5
    splashimage=(hd0,0)/grub/splash.xpm.gz
    hiddenmenu
    title CentOS (2.6.32-696.18.7.el6.x86_64)
            root (hd0,0)
            kernel /vmlinuz-2.6.32-696.18.7.el6.x86_64 ro root=/dev/mapper/storage-root rd_NO_LUKS LANG=en_US.UTF-8 rd_MD_UUID=85d9e5f1:57836183:aebaae46:2601caca SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=storage/root KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
            initrd /initramfs-2.6.32-696.18.7.el6.x86_64.img

On CentOS 7, verify that the first entry in /boot/grub2/grub.cfg is the new kernel:

    $ grep -A1 "BEGIN /etc/grub.d/10_linux" /boot/grub2/grub.cfg
    ### BEGIN /etc/grub.d/10_linux ###
    menuentry 'CentOS Linux (3.10.0-693.11.6.el7.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-693.el7.x86_64-advanced-93c83fb8-fd60-445a-8f0b-3be17d41146b' {

Boot into the new kernel: for CentOS dedicated machines, use the "reboot" command. After the reboot, confirm with "uname -r" that the new kernel version is the one running.

Fixed packages for CentOS: kernel-2.6.32-696.18.7.el6 for CentOS 6 and kernel-3.10.0-693.11.6.el7 for CentOS 7, the versions shown in the boot entries above.

Fix on Ubuntu

The current patch will only address CVE-2017-5754 (aka Meltdown or Variant 3) for x86_64. A fix for the "Spectre" variants will be available soon. Ubuntu 17.04 will not receive any fix.

    $ sudo apt-get update

For Ubuntu 16.04:

    $ sudo apt-get install linux-generic

For Ubuntu 14.04 (this installs the 4.4 linux-lts-xenial kernel listed in the table below):

    $ sudo apt-get install linux-image-4.4.0-108-generic

Edit /boot/grub/menu.lst such that default=0 is set, signifying that the latest kernel (mentioned at the top of the list of boot entries) should be booted. The first uncommented lines of menu.lst should look like this:

    default=0
    timeout=10
    title vmlinuz-4.4.0-108-generic
            root (hd0,0)
            kernel /boot/vmlinuz-4.4.0-108-generic root=/dev/xvda console=hvc0 ro
            initrd /boot/initrd.img-4.4.0-108-generic

Boot into the new kernel: for Ubuntu cloud/virtual machines, use the reboot button on the cloud console, and for dedicated machines, use the "reboot" command.

Fixed packages for Ubuntu

    Package            Version                 Series
    linux              4.4.0-108.131           Xenial 16.04
    linux              4.13.0-25.29            Artful 17.10
    linux-aws          4.4.0-1047.56           Xenial 16.04
    linux-aws          4.4.0-1009.9            Trusty 14.04
    linux-azure        4.13.0-1005.7           Xenial 16.04
    linux-euclid       4.4.0-9021.22           Xenial 16.04
    linux-gcp          4.13.0-1006.9           Xenial 16.04
    linux-hwe-edge     4.13.0-25.29~16.04.1    Xenial 16.04
    linux-kvm          4.4.0-1015.20           Xenial 16.04
    linux-lts-xenial   4.4.0-108.131~14.04.1   Trusty 14.04
    linux-oem          4.13.0-1015.16          Xenial 16.04

Fix on Debian

CVE-2017-5754 (aka Meltdown or Variant 3) is fixed. "Spectre" mitigations are a work in progress.

    $ sudo apt-get update
    $ sudo apt-get install linux-image-amd64

This will install the updated kernel release package linux-image-3.16.0-5-amd64 on Debian 8 and linux-image-4.9.0-5-amd64 on Debian 9.

Boot into the new kernel: for Debian cloud/virtual machines, use the reboot button on the cloud console, and for dedicated machines, use the "reboot" command. With the new kernel, "uname -srv" should report version 3.16.51-3+deb8u1 on Debian 8 Jessie and 4.9.65-3+deb9u2 on Debian 9 Stretch. Note that "uname -r" alone shows only the ABI name (3.16.0-5 or 4.9.0-5); the package version is in the "uname -v" field:

    # uname -srv
    Linux 3.16.0-5-amd64 #1 SMP Debian 3.16.51-3+deb8u1 (2018-01-08)

    # uname -srv
    Linux 4.9.0-5-amd64 #1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04)

Vulnerable and fixed packages for Debian

    Source Package   Release              Version            Status
    linux (PTS)      wheezy               3.2.78-1           vulnerable
                     wheezy (security)    3.2.96-3           fixed
                     jessie               3.16.51-2          vulnerable
                     jessie (security)    3.16.51-3+deb8u1   fixed
                     stretch              4.9.65-3           vulnerable
                     stretch (security)   4.9.65-3+deb9u2    fixed
                     buster               4.14.7-1           vulnerable
                     sid                  4.14.12-2          fixed

The status above is based on the following data on fixed versions.

    Package   Type     Release      Fixed Version      Urgency   Origin       Debian Bugs
    linux     source   (unstable)   4.14.12-1          medium
    linux     source   jessie       3.16.51-3+deb8u1   medium    DSA-4082-1
    linux     source   stretch      4.9.65-3+deb9u2    medium    DSA-4078-1
    linux     source   wheezy       3.2.96-3           medium    DLA-1232-1
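Across the three distributions the fixed versions above are compared against different things: "uname -r" on CentOS and Ubuntu, but the "uname -v" field on Debian, and on Ubuntu the right row depends on the kernel flavour (generic, hwe-edge, aws, kvm). The following script is an added example, not tooling from E2E Networks or the distributions: it encodes the fixed versions from the CentOS, Ubuntu and Debian sections above and reports whether the running kernel is at or above them. The distribution identifiers (centos 6/7, ubuntu 14.04/16.04, debian 8/9, taken from /etc/os-release), the script name and the digit-run comparison rule are this example's assumptions.

```shell
#!/bin/sh
# Added example (not E2E Networks' or any distribution's tooling): check that the
# kernel a machine booted into is at or above the fixed version in this advisory.
# Fixed versions are copied from the CentOS, Ubuntu and Debian sections above; the
# distro/release identifiers (centos 6, ubuntu 16.04, debian 9, ...) follow the
# ID/VERSION_ID values of /etc/os-release and are this script's own convention.

# ver_ge A B: succeed when A >= B. Compares the runs of digits in each string left to
# right (2.6.32-696.18.7.el6 -> 2 6 32 696 18 7 6); a missing trailing field counts
# as 0, so 3.16.51-3+deb8u1 > 3.16.51-3 and 4.9.65-3 < 4.9.65-3+deb9u2.
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, /[^0-9]+/); nb = split(b, B, /[^0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? A[i] + 0 : 0
            y = (i <= nb) ? B[i] + 0 : 0
            if (x > y) exit 0
            if (x < y) exit 1
        }
        exit 0
    }'
}

# fixed_kernel_for DISTRO RELEASE UNAME_R: the advisory's fixed version for the kernel
# series/flavour actually running (Ubuntu ships several per release); fails when the
# advisory lists none for it.
fixed_kernel_for() {
    case "$1:$2" in
        centos:6) echo 2.6.32-696.18.7.el6 ;;
        centos:7) echo 3.10.0-693.11.6.el7 ;;
        ubuntu:16.04)
            case "$3" in
                4.4.0-*-generic)  echo 4.4.0-108 ;;   # linux 4.4.0-108.131
                4.13.0-*-generic) echo 4.13.0-25 ;;   # linux-hwe-edge 4.13.0-25.29~16.04.1
                4.4.0-*-aws)      echo 4.4.0-1047 ;;  # linux-aws 4.4.0-1047.56
                4.4.0-*-kvm)      echo 4.4.0-1015 ;;  # linux-kvm 4.4.0-1015.20
                *) return 1 ;;
            esac ;;
        ubuntu:14.04)
            case "$3" in
                4.4.0-*-generic)  echo 4.4.0-108 ;;   # linux-lts-xenial 4.4.0-108.131~14.04.1
                4.4.0-*-aws)      echo 4.4.0-1009 ;;  # linux-aws 4.4.0-1009.9
                *) return 1 ;;   # e.g. the 3.13 GA kernel: no row in the advisory
            esac ;;
        debian:8) echo 3.16.51-3+deb8u1 ;;
        debian:9) echo 4.9.65-3+deb9u2 ;;
        *) return 1 ;;
    esac
}

# Debian's uname -r is only the ABI name (4.9.0-5-amd64); the package version quoted
# above sits in uname -v: "#1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04)".
running_version() {
    case "$1" in
        debian) printf '%s\n' "$3" | sed -n 's/.*Debian \([^ ]*\).*/\1/p' ;;
        *)      printf '%s\n' "$2" ;;
    esac
}

# kernel_is_fixed DISTRO RELEASE "$(uname -r)" "$(uname -v)"
# 0 = at/above the fixed version, 1 = older (update and reboot), 2 = not covered above.
kernel_is_fixed() {
    fixed=$(fixed_kernel_for "$1" "$2" "$3") || return 2
    running=$(running_version "$1" "$3" "$4")
    [ -n "$running" ] || return 2
    if ver_ge "$running" "$fixed"; then
        echo "$1 $2: running $running >= fixed $fixed"
        return 0
    fi
    echo "$1 $2: running $running is older than fixed $fixed; update and reboot"
    return 1
}

# DISTRO and RELEASE of the live system (CentOS 6 has no os-release; use redhat-release).
detect_distro() {
    if [ -r /etc/os-release ]; then
        printf '%s %s\n' "$(sed -n 's/^ID=//p' /etc/os-release | tr -d '"')" \
                         "$(sed -n 's/^VERSION_ID=//p' /etc/os-release | tr -d '"')"
    elif [ -r /etc/redhat-release ]; then
        printf 'centos %s\n' "$(sed -n 's/.*release \([0-9]*\).*/\1/p' /etc/redhat-release)"
    else
        return 1
    fi
}

# Usage: sh check-kernel.sh run    (without "run" the file only defines the functions)
if [ "${1:-}" = run ]; then
    dist=$(detect_distro) || { echo "cannot identify the distribution"; exit 2; }
    set -- $dist
    kernel_is_fixed "$1" "$2" "$(uname -r)" "$(uname -v)"
fi
```

Run "sh check-kernel.sh run" after the reboot. Exit status 1 means the old kernel is still running, most often because the GRUB default= entry described above points at the wrong kernel; 2 means the advisory lists no fixed version for this kernel. A version check only proves the kernel carries the patch: a nopti boot parameter, or missing microcode for variant #2, is invisible here and needs the runtime check from the Red Hat tunables section.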

Fix on Windows

Windows Server-based machines (physical or virtual) should get the Windows security updates that were released on January 3, 2018, and are available from Windows Update. The following updates are available:

    Operating system version                                   Update KB
    Windows Server, version 1709 (Server Core Installation)    4056892
    Windows Server 2016                                        4056890
    Windows Server 2012 R2                                     4056898
    Windows Server 2012                                        Not available
    Windows Server 2008 R2                                     4056897
    Windows Server 2008                                        Not available

Installing the update alone does not activate the mitigations on Windows Server. Use these registry keys to enable them, and make sure that the system is restarted for the changes to take effect.

To enable the fix:

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f

If this is a Hyper-V host and the firmware updates have been applied, fully shut down all virtual machines: to enable the firmware-related mitigation for VMs, the firmware update must be applied on the host before the VM starts. Restart the server for the changes to take effect.

To disable the fix:

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

Restart the server for the changes to take effect. (There is no need to change MinVmVersionForCpuBasedMitigations.)

Note: for Hyper-V hosts, live migration between patched and unpatched hosts may fail.

Verifying that protections are enabled

To help customers verify that protections have been enabled, Microsoft has published a PowerShell module (SpeculationControl) that customers can run on their systems. Install and run it with the following commands.

PowerShell verification using the PowerShell Gallery (Windows Server 2016 or WMF 5.0/5.1):

    PS> Install-Module SpeculationControl

    PS> # Save the current execution policy so it can be reset
    PS> $SaveExecutionPolicy = Get-ExecutionPolicy
    PS> Set-ExecutionPolicy RemoteSigned -Scope Currentuser
    PS> Import-Module SpeculationControl
    PS> Get-SpeculationControlSettings
    PS> # Reset the execution policy to the original state
    PS> Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser

PowerShell verification using a download from Technet (earlier OS versions / earlier WMF versions): download the SpeculationControl module from the Technet ScriptCenter and extract its contents to a local folder, for example C:\ADV180002. Then start PowerShell and (using the example folder above) run:

    PS> # Save the current execution policy so it can be reset
    PS> $SaveExecutionPolicy = Get-ExecutionPolicy
    PS> Set-ExecutionPolicy RemoteSigned -Scope Currentuser
    PS> CD C:\ADV180002\SpeculationControl
    PS> Import-Module .\SpeculationControl.psd1
    PS> Get-SpeculationControlSettings
    PS> # Reset the execution policy to the original state
    PS> Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser

The output of this PowerShell module will resemble the following. Enabled protections appear in the output as "True". A "False" on the "Hardware support for branch target injection mitigation is present" line means the CPU microcode (firmware) update has not been applied; the variant #2 mitigation cannot be enabled until it is.

PS C:\> Get-SpeculationControlSettings

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: True

Windows OS support for branch target injection mitigation is present: True

Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True

Windows OS support for kernel VA shadow is present: True

Windows OS support for kernel VA shadow is enabled: True

Windows OS support for PCID optimization is enabled: True

Notes and References

Performance impact (Linux): Speculative execution is a performance optimization technique, so these updates (both kernel and microcode) may result in workload-specific performance degradation. Some customers who are confident that their systems are well protected by other means (such as physical isolation) may therefore wish to disable some or all of these kernel patches. If the end user elects to enable the patches in the interest of security, the Red Hat article provides a mechanism to conduct performance characterizations with and without the fixes enabled: Controlling the Performance Impact of Microcode and Security Patches for CVE-2017-5754, CVE-2017-5715 and CVE-2017-5753.
