Categories
News

Tilera Chips Beat Intel And AMD Claims Facebook

Facebook engineers say Tilera’s multi-core processors are more efficient than low-power Intel and AMD chips

On  by Jeffrey Burt eWEEK USA 2013. Ziff Davis Enterprise Inc. All Rights Reserved. 

Tilera, which builds many-core processors to compete with x86-based chips from Intel and Advanced Micro Devices (AMD), got a boost from Facebook when engineers from the social media giant said Tilera’s processors out-performed those of its larger rivals.

The Facebook engineers released a white paper at the International Green Computing Conference in Orlando, Florida, that said tests determined that a Quanta Computer system running on Tilera’s low-power 64-core TilePro64 processors offered more than three times the performance-per-watt of systems running Intel’s quad-core Xeon chips and more than four times than servers running AMD’s eight-core Opteron chips.

The report comes at a time when Intel and AMD, the dominant server chip makers, are being challenged in the market for low-power systems that are increasingly being used by Internet-based companies like Facebook, Google, Amazon and Twitter, which have huge, densely populated data centres designed to process large amounts of small, Web-based workloads. In such environments, power and cooling are as important of factors as performance.

Important Role In Web 2.0

In the white paper, the Facebook engineers said key-value, or KV, stores play an important role in such Web 2.0 environments. They also noted that applications found in such data centres, such as Memcached, have hundreds of thousands of independent simple transactions that need to be processed in parallel. Facebook ran the tests using Memcached, and engineers found that the Tilera-based system was more efficient than those running x86 chips.

“Low-power many-core processors are well suited to KV store workloads with large amounts of data,” the engineer wrote in their paper. “Despite their low clock speeds, these architectures can perform on-par or better than comparably powered low-core-count x86 server processors.”

In this case, Facebook found the 64-core Tilera chip had 67 percent higher throughput than the low-power x86 chips at the same latency. At the same time, the engineers wrote that “when taking power and node integration into account as well, a TILEPro64-based S2Q server with eight processors handles at least three times as many transactions per second per watt as the x86-based servers with the same memory footprint”.

For the testing, Facebook used a 1U (1.75-inch) server running a quad-core Intel Xeon L5520 chip running at 2.7GHz, a 1U server powered by AMD’s eight-core Opteron 6128 HE clocked at 2.0GHz, and a 2U (3.5-inch) Quanta S2Q with eight Tilera TilePro64 processors – for a total of 512 cores – at 866MHz. Tilera officials said Facebook also plans to run the same tests on Tilera’s new 64-bit Gx3000 series processor, which was announced in June. That chip will begin sampling this month.

Tilera officials noted that Quanta builds Facebook’s open compute platform. In April, Facebook officials launched their Open Compute Project, open sourcing the specifications it uses for its hardware and data centre to efficiently power its massive social network. That is in contrast to others like Amazon, Google and Twitter, which keep the technology used in their data centres a secret.

Big Guns Target Micro Server Space

Intel and AMD are both working to drive up the performance and power efficiency of their processors though such avenues as adding more cores and integrating high-level graphics onto the same piece of silicon as the CPU. For the past two years, Intel also has been pushing the idea of micro servers, designed for highly virtualised data centres and cloud computing environments and using low-power Xeon and Atom chips.

At the same time, other chip vendors and systems makers are looking to make inroads into the low-power server space. Officials with ARM Holdings, whose designs dominate the mobile computing space, including smartphones and tablets, are looking to move up the ladder and into the data centre. A number of companies that make ARM-based chips, including Nvidia, Calxeda and Marvell Technologies, are pushing ahead with plans to release server processors based on ARM designs. SeaMicro is rolling out low-power servers based on Intel’s Atom processors.

Tilera officials said they do not expect to overtake Intel as the world’s top chip maker. However, it can challenge Intel and AMD in the 20 percent of the server market aimed at large cloud installations, they have said.

Categories
News

US Senator Calls For Social Network Guidelines

Sen. Charles Schumer issued an open letter asking for the creation of guidelines governing what social networks can do with user information

Schumer’s letter follows Facebook’s release on 21 April of new tools that share user information between the social network and other Websites.

“Hundreds of millions of people use social networking sites like Facebook, MySpace and Twitter every day,” Schumer said in a statement. “These sites have helped reconnect old friends, allowed families from far away to stay in touch and created new friendships; overall they provide a great new way to communicate.

“As these sites become more and more popular, however, it’s vitally important that safeguards are in place that provide users with control over their personal information to ensure they don’t receive unwanted solicitations,” he continued. “At the same time, social networking sites need to provide easy-to-understand disclosures to users on how information they submit is being shared.”

In addition to asking the FTC to establish guidelines, Schumer asked the commissioners to examine social networks to make sure they are fully disclosing the extent that user information is shared.

“I am asking the FTC to use the authority given to it to examine practices in the disclosure of private information from social networking sites and to ensure [that] users have the ability to prohibit the sharing of personal information,” he said. “If the FTC feels it does not have the authority to do so under current regulations I will support them in obtaining the tools and authority to do just that” by proposing legislation.

A Facebook spokesperson said the company was caught off guard by the senator’s remarks.

“We were surprised by Sen. Schumer’s comments and look forward to sitting down with him and his staff to clarify,” Facebook spokesperson Andrew Noyes said in a statement.

“Last week, we announced several new products and features designed to enhance personalization and promote social activity across the Web,” Noyes continued. “None of these changes removed or reduced people’s control over their information and several offered even greater controls.”

Categories
Facebook Google News

XSS Exploit Hidden In Facebook Bully Video

Facebook cross-site-scripting exploit uses “bully video” to deliver a sophisticated payload

A security researcher discovered a new cross-site scripting (XSS) vulnerability on Facebook, days after the social networking giant patched a different XSS flaw in its mobile API. At least one active scam is exploiting the new bug at this time.

“Found another instance of that Facebook app XSS – and it’s a Facebook XSS issue. Do not click links involving a video of a bully,” Joey Tyson, a security engineer at Gemini Security Solutions, posted on Twitter. Tyson writes about social networking sites’ privacy and security issues on his blog, Social Hacking.

Malicious JavaScript Payload

The flaw has to do with the way browsers load particular links formatted in “a certain syntax” as Javascript even though they are not filtered by Javascript, Tyson said. It is more sophisticated than most XSS attacks as the actually video does load for the user. “The JS payload can do quite a bit,” Tyson added.

The app can post the link to the “video” on the user’s Wall, add the user to a scam event and send invites to the event to friends, and send out the link on Facebook Chat.

Many past Facebook scams displayed a page and told users to download a plugin – really malware – to view the video, or just redirected users to a survey or another malicious site. Viewers rarely saw the video they had clicked to see.

Facebook has informed Tyson that it is tracking the attack and will be pushing out an update “soon”, according to Tyson. Facebook has removed several of the apps already, which made it a little challenging for Tyson to find an active scam to analyse. He pasted the actual exploit code on text-sharing site Pastebin which pointed to a video titled “Pal Pushes Bully”.

A malicious app called “April Fools Prank” identified by Google engineer Ashish Bhatia on his personal blog appears to have used the same exploit, according to Tyson.

Users on Facebook who click on a link and land on an app page with an embedded video should not click on the video, Tyson warned. Infected users should check “liked” pages for any rogue sites and reset their passwords.

Tyson confirmed to eWEEK on Twitter that this flaw was different from the mobile API XSS flaw that Facebook patched on March 31.

The bug in the mobile API allowed malicious apps to automatically post spam messages on users’ Walls, according to Symantec. As unsuspecting friends clicked on the links embedded in the Wall posts, the infection spread even further. There were several copycat attacks exploiting this XSS flaw, which was caused by insufficient Javascript filtering.

Any user logged into Facebook and accessing a site with the malicious Javascript code on a mobile device would automatically post the Spam message on his or her Wall, said Symantec security expert Candid Wueest.

“There is no other user interaction required, and there are no tricks involved, like clickjacking. Just visiting an infected website is enough to post a message that the attacker has chosen,” said Wueest

Symantec advises users to log out of Facebook when they are not actively using it or to use script-blocking add-ons to prevent these kinds of attacks.