Connect with us

Tech

Kernel panic! What are Meltdown and Spectre, the bugs affecting nearly every computer and device?

Published

on

Security researchers released official documentation — complete with nicknames and logos —  of two major flaws found in nearly all modern central processing units, or CPUs.

It’s not a physical problem with the CPUs themselves, or a plain software bug you might find in an application like Word or Chrome. It’s in between, at the level of the processors’ “architectures,” the way all the millions of transistors and logic units work together to carry out instructions.

In modern architectures, there are inviolable spaces where data passes through in raw, unencrypted form, such as inside the kernel, the most central software unit in the architecture, or in system memory carefully set aside from other applications. This data has powerful protections to prevent it from being interfered with or even observed by other processes and applications.

Meltdown and Spectre are two techniques researchers have discovered that circumvent those protections, exposing nearly any data the computer processes, such as passwords, proprietary information, or encrypted communications.

Meltdown affects Intel processors, and works by breaking through the barrier that prevents applications from accessing arbitrary locations in kernel memory. Segregating and protecting memory spaces prevents applications from accidentally interfering with one another’s data, or malicious software from being able to see and modify it at will. Meltdown makes this fundamental process fundamentally unreliable.

Spectre affects Intel, AMD, and ARM processors, broadening its reach to include mobile phones, embedded devices, and pretty much anything with a chip in it. Which, of course, is everything from thermostats to baby monitors now.

It works differently from Meltdown; Spectre essentially tricks applications into accidentally disclosing information that would normally be inaccessible, safe inside their protected memory area. This is a trickier one to pull off, but because it’s based on an established practice in multiple chip architectures, it’s going to be even trickier to fix.

Chips going back to 2011 were tested and found vulnerable, and theoretically it could affect processors as far back as those released in 1995. One would hope there aren’t too many of those in use, but we may be unpleasantly surprised on that count.

Because Meltdown and Spectre are flaws at the architecture level, it doesn’t matter whether a computer or device is running Windows, OS X, Android, or something else — all software platforms are equally vulnerable.

A huge variety of devices, from laptops to smartphones to servers, are therefore theoretically affected. The assumption going forward should be that any untested device should be considered vulnerable.

Not only that, but Meltdown in particular could conceivably be applied to and across cloud platforms, where huge numbers of networked computers routinely share and transfer data among thousands or millions of users and instances.

The good news is that the attack is easiest to perform by code being run by the machine itself — it’s not easy to pull this off remotely. So there’s that, at least.

Many, many devices are “affected” or “vulnerable” to these flaws, but that’s not the same thing as saying they’re totally open to attack. Intel, AMD, ARM and others have had months to create workarounds and “mitigations,” which is a polite way of saying “band-aids.”

Meltdown can be fixed essentially by building a stronger wall around the kernel; the technical term is “kernel page table isolation.” This solves the issue, but there’s a cost. Modern CPU architectures assume certain things about the way the kernel works and is accessed, and changing those things means that they won’t be able to operate at full capacity.

The Meltdown fix may reduce the performance of Intel chips by as little as 5 percent or as much as 30 — but there will be some hit. Whatever it is, it’s better than the alternative.

Spectre, on the other hand, is not likely to be fully fixed any time soon. The fact is that the practice that leads to this attack being possible is so hard-wired into processors that the researchers couldn’t find any way to totally avoid it. They list a few suggestions, but conclude:

What will actually happen is hard to say, but there will likely be a flurry of updates that carry out various software hacks to protect against the most obvious and damaging attacks. Microsoft has already issued one for Windows; ARM has a set of mitigations for its affected chips; Amazon is updating its many servers.

How broadly and quickly will these mitigation patches be applied, though? How many devices are out there, vulnerable, right now? These updates may not be pretty, perhaps requiring changes that will break other software, drivers, and components. And all will likely involve degrading performance.

A more permanent fix will require significant changes across the board — the circuit board, that is. Basic architecture choices that have been baked into our devices for years, even decades, will have to be rethought. It won’t be easy, and it won’t be fun.

In the meantime companies are working at full capacity to minimize the apparent threat: “mitigations” that may or may not prevent some or all of the variant attacks. As usual, these patches will likely reach only a small subset of new, fast-updating users and devices, or those the company can update directly on its own. We will only know the efficacy of these measures by their performance in the real world.

It’s worth noting that there won’t be a “recall.” If this flaw affected a single device, like the battery problems in Samsung’s phones a while back, a recall would make sense. But this is an issue that affects millions, perhaps billions of devices. A recall isn’t an option.

It’s always a bit odd to hear that companies were informed of a major security flaw like this one months ago, as was the case with Meltdown and Spectre. This particular exploit has been under investigation for some time by researchers, and word of it trickled out in the form of small updates to various operating systems addressing a hitherto-undocumented security flaw.

If the researchers just tweeted out the details when they discovered them, it would essentially be giving attackers access to that information at the same time as the companies that can fix the problem. Generally security investigators do what’s called responsible disclosure, contacting affected companies secretly, either as a simple courtesy or in order to collaborate on a solution.

In this case Google contacted Intel several months ago, and no doubt others knew to some degree as well, since Microsoft issued patches to insiders well ahead of the public announcement, and Linux distributions were likewise addressing the issue even though the papers describing the flaw were not out yet.

The plan would normally be that the affected company or companies would come up with a solution, quietly apply it, then announce both the flaw and the solution at the same time. And in fact that seems to be what was planned in this case.

But smart reporting by The Register, which among others put together the disparate pieces, seems to have forced the hands of several billion-dollar companies. The companies scrambled to finalize their statements, addressing “inaccurate” media reports and hastily issuing patches and explanations that likely weren’t due until next week.

While some may suggest that El Reg should have let things take their course, there’s a great deal to be said for not allowing the billion-dollar companies in question to completely control the narrative around a major issue like this. If the only version of the story we ever heard was one approved by their joint committee, things would likely have been painted in a different light.

As the researchers put it at the end of the the Spectre paper:

Continue Reading
Advertisement
Click to comment

Tech

How Augmented Reality Apps are Crucial for your Business?

Published

on

ai-for-business

When the discussion is regarding augmented reality (AR) app development, it becomes vital to understand the myriad of hard tricks that go into this technology. In order to stay on top of the latest trends, one has to make a lot of efforts. Now in case of an AR app development, the company is required to keep exploring the world of augmented reality, as before getting into the developmental zone, it first needs to understand the AR solutions required by the business and the way it can be implemented for leveraging with the users’ demands.

Understanding Augmented Reality

AR is a kind of technology which arrived in the arena just some time back and it is known to enable both mobile app development firms as well as app developers to overlay digital data right on top of real-world objects. In its very beginning, this technology has started proving itself as a disruptive force across mobile technology setting.

In case of consumer adoption, Augmented Reality is presently considered as an extension of existing technologies. Anyone can access as well as utilize AR technology with a device/smartphone that is able to capture video.

How can AR apps be developed?

Before beginning with AR app development, numerous factors need to be considered. A major number of AR apps overlays 3D text or imagery over real-world images processed by user’s device or smartphone.

In order to be successful in AR app development, it is necessary for mobile app programmers to have image processing expertise. It is also required to access some kind of image processing capabilities that will enable developers to create apps which can track natural features or makers within the environment.

When it comes to developing AR apps, it is also vital to come up with credible and realistic images mainly when computer software is used to generate images. It is needed to be done from user’s perspective. Along with that, it is also essential to align imagery pictures with the real-world environment.  However, this task may not be easy to handle, especially in case of developers. If the developer is incompetent in creating a reliable UI/UX, it will result in the development of an AR app that is complex to use. Due to this, the app may hold little or no value to the end consumer.

How Augmented Reality App impacts your business?

This technology has a great potential and impact on the users. Biggies like Google and Apple have also come up with their own augmented reality kits known as ARCore and ARKit, which help developers in building premium-quality and high-performing AR apps. So as you look around for the best mobile app development solutions available for your project, find out here the amazing benefits of augmented reality apps.

Augmented Business Operations:

Apart from helping remote workers access customer data on-demand, AR headsets are also crucial to change the way employees work. For instance, AR headset can be used by an insurance loss adjuster to examine a car which was damaged in an accident. As the loss adjustor do an examination of the damaged car, the AR headset can add a video of a car into a system which not only evaluates damage but even estimates cost required to fix it. A device’s recognition capabilities make it easier for the adjuster to determine damage.

Same way, AR headsets can also be used by healthcare professionals to diagnose diseases and treat them. Like, a doctor will be able to capture symptoms as s/he examines a patient using the AR headset. This provides them with crucial medical information regarding that patient.

Enhanced Customer Service:

Life gets a lot easier for consumer-facing employees, mainly those working in online retail with the help of Augmented Reality. As per Forrester Research, AR glasses prove useful for sales professionals in helping customers purchase cosmetics that enhance their aesthetics. A not only sales professional can visualize what customers would appear like after putting on a specific cosmetic but the technology also offers guidance on how it should be applied. AR technology is already being leveraged by big names like L’Oréal and Lowe to offer better customer services via mobile devices instead of head-mounted displays.

Object Visualization:

With the help of AR, it is possible to place digital assets in the physical world. When virtual objects are merged into the real world, it enables developers to interact with digital elements (3D objects) created by them as if they were real objects. For instance, as car designers begin with the designing process, they need to work on the myriad of a part in order to get the car design right. With the use of AR technology and computer graphics, they will be able to project virtual layouts of a car’s interior on a full-size model of a car dashboard. When digital objects are visualized via AR in this manner, it offers comprehensive insights into how a finished product will appear as compared to a flat product image on a screen.

Enhanced Training:

AR holds great potential as it comes to educating and train employees. Distinct from the real-world training scenarios, here a tutor or trainer can leverage augmented reality in order to make new processes and learning concepts a lot easier for trainees. Like, it is way easier to take a virtual car engine apart through AR as compared to a real one and this process can even be repeated as many times as needed. An AR app enables the enterprise to not just ably educate individuals but is even helpful in honing their capabilities and skills.

No dearth of opportunities

Even though augmented reality is still in its beginning stage, it is evolving quickly owing to an increase in usage of mobile devices & their comprehensive functionalities along with increased internet speed. Hence, this is the right time to integrate this technology into your business and enjoy its many benefits.

Continue Reading

Tech

Follow-On Right UX Ideas to Take Your App Design to the Next Level

Published

on

The present era is a UX era for most of products and services, be it tangible or non-tangible. Therefore, considerations for UX in mobile app development is mandatory to sustain and grow your app in the stiff competition.

In the mobile app development, UX concept and process resides on the top of the pyramid where functionality is at the foundation/bottom, reliability is the next layer on top of it, and usability is just below the UX layer.

It means UX is only possible when an app or a product have completed functional design; reliability has addresses and usability in focus. Another name of UX is user delight or pleasure, and it falls into the emotional design category.

Emotional design has three different levels, such as:

  1. Visceral
  2. Behavioral
  3. Reflective

How to do emotional UX design?

Some essential UX design elements play a crucial part in emotional design in the app development process, and those are:

  • UI or User Interface Design
  • Micro-copy or Miscellaneous Content
  • Animation Design
  • Affordance Design
  • Sound Design
  • Typographic Design

If UX designers attend these factors perfectly in right contexts, the user experiences are guaranteed.

What mindset and processes take app design next level with UX?

The following are good hints to take your app design next level using UX processes, such as:

  • Opt for Responsive Design
  • Adopt Agile Methods for Iteration
  • Be User-Centric
  • Be Consistent

Curious to go into details? Please read our full-text post “How Right UX Take App Design to the Next Level” at SysBunny blog and leverage awesome capabilities of a team of mobile app developers with UX design flairs.

Continue Reading

Tech

Big Data and Analytics Could Lead to a Better Website Design and Development

Published

on

Big data has led to several equally huge changes in the business environment. Although the arrival of big data systems means that organizations should address new challenge, the overall impact of big data stays a net positive.

With big data, performing tasks could become easier and more productive. The positive impact of data and analytics could be felt in a lot of areas of business operations, which include web development. The ways big data could impact websites could vary. Business managers and owners are curious on the effect of big data in the website performance. Understanding what big data allows for better website management ensures that it stays true to mission goals.

WEBSITE DATA COULD BE ANALYZED BETTER

A website and its related tools capture a huge amount of information on visitors. Breaking down information and data into micro components enhances the ability of analyzing and using data further. For instance, data analysis could reveal a specific geographic region that sends significant amount of visitor traffic to a website. A response could involve growing bilingual online videos to draw more people from the region. A lack of revealing data will eliminate the ability of accessing important information and respond in an effective manner.

BIG DATA COULD LEAD TO BETTER WEB DESIGN

How a website looks to visitors paly a remarkably important role in the ability of a website to keep visitor traffic. Poorly constructed and designed websites could experience excessively high bounce rates. In other words, visitor land on the site, fail to be impressed by a page and leave fast. If big data reveals bounce rates and obvious problems with design and organization of the site, steps could be taken to address the different problems. A robust WebDev guide could even reveal tremendous insights on how to boost the design. That said, enhancements could be made only when publishers of a website are aware that a problem persists. Access to reliable big data could provide robust insights to other problematic issues. Upon data review, proper means of addressing things could be instituted.

THE NEED FOR A HIGHLY EFFECTIVE WEB DEVELOPMENT COMPANY

A web design company could render professional web development services that are strongly based on the principle of never compromising quality. It’s important to look for service providers that are Microsoft Gold Certified partners with in-house expertise in leveraging Microsoft technologies as well as big data solutions of course.

A website could exist for the purpose of marketing the business associated with a page. Marketing may not be the only reason that a website exists, but could be a vitally important reason nonetheless. At its present stage, a website may not be living up to its full marketing potential. Big data and the web hosting and design could help figure out what will be a beneficial addition to a website.

BIG DATA COULD HELP MANAGE BUSINESS WEBSITES

Big data could provide the necessary material to make the right decision of a hosting company or plan. The right decision could lead to far better results. Big data, overall could help manage business websites in a lot of ways. The benefits of allowing data to determine web design are endless, from boosting iterative design to having prompt information on how people interact with the information and design. Also, one gets to have data that could be used for future work as well as possibly automate web development in the future.

CRITICAL QUESTIONS TO ANSWER BEFORE EMBARKIN IN DESIGNING FOR BIG DATA

  1. What are the objectives? Start with the end in mind, but also should be open to redefine the goals when going through the data available and have. Something may come up as interesting.
  2. What is the nature of the data? A company should know where the data is coming from, how much data moving through the system and where data integrates within the present system. This helps consolidate all data on every client from various sources and convergence points within the current system. This way, a company will not lose any information.
  3. What and which platform? This would be determined by the type of data one has and the data volume as well. Based on this information, one could decide what works with the specific needs to provide ample support.

IMPORTANT CONSIDERATIONS WHEN DESIGNING A WEBSITE

Do not flood all information onto a new platform all at once. Bring it slowly to see how it works and how staff responds to it. Begin offline and in small batches before going to real-time processing of big amounts of data. Data will require refreshing from time to time to stay current and relevant. One should find out how to make these updates to a big data platform as quickly and as easily as possible.

A company would require datasets that could make existing systems smarter and this would be done with the use of a feedback loop. The smaller sets of data could boost existing and current apps through providing real-time information from systems, which previously were impervious to or entirely unaware of.

With all the information that big data brings, there’s a great chance of losing the privacy of the information of users, which should never happen at all costs. Emphasize the privacy of users in the design at each level, particularly in niche segments. This is particularly true if sensitive user information would be required during transaction with website link bank accounts, residential addresses and all.

Big data website design would change how things work. This is because it necessitates bigger access by end users to provide real time. As a result, it’s important for companies to educate the staff on how to use big data as a team in order to achieve the set objective or objectives.

The transition to big data web design is an ongoing process. There would be some kinks to iron out and a company would have to evaluate the system to determine if it is getting what it needs from it. A web design development company could provide effective solutions by integrating big data systems to web design and development.

Continue Reading
Advertisement

Facebook

Advertisement

NEWSLETTER

Advertisement

Trending