The Impact of Spectre and Meltdown on IT Operations

Screen Shot 2018-01-19 at 3.03.59 PM

 

Undoubtedly, the news about the Intel and AMD microprocessor flaws – targeted by exploits known as Meltdown and Spectre – reached your desk over the last few weeks. It is important for these chipmakers to fix the issue, lest those holes provide the means for cybercriminal activity. Unfortunately, some fixes hamper CPU performance, affecting users from the personal to the corporate.

Let’s take a closer look at this important problem that software engineers and their management need to consider. Its impact on the performance of their applications – both deployed and currently in development – is notable.

 

The CPU Fixes for Meltdown and Spectre

A recent article in TechRepublic analyzed some approaches to fix the CPU architecture flaws used by Meltdown and Spectre. Unfortunately, while offering a measure of protection to computers powered by these Intel and AMD chips, the performance hits are significant. Software patches or not; ultimately, a new chip design is what’s needed for the future.

One patch leverages a technique known as Kernel Page Table Isolation (KPTI). TechRepublic’s James Sanders notes early reports stating a 30 percent performance degradation due to the patch. He feels this number is exaggerated compared to real world usage scenarios.

The KPTI approach essentially separates the chip’s page tables for user-space and kernel-space. Naturally, this comes with a subsequent performance cost. Sanders feels the use of process-context identifiers (PCIDs) helps to mitigate the issue. The problem involves the lack of support for PCIDs in the most recent versions of Linux.

He mentions a few recent benchmarks analyzing server performance on Linux boxes with KPTI enabled. Some of these tests involved running PostgreSQL processes, which should be relevant to many of our readers.

 

Fixes for Intel Chip Flaws impact PostgreSQL Performance

 Developer, Andres Freund, ran a few Postgres processes on servers using KPTI without PCID enabled. His full set of benchmarks are available here. Notably the results showed a performance hit of anywhere from 7-17 percent to 16-23 percent depending on the workload of the individual process.

Sanders feels changing to a Linux kernel with PCID support helps to mitigate the degradation in performance. Still, this causes extra work for network administrators ultimately due to a mistake in chip architecture from the two leading manufacturers in the industry. This reflects poorly on both companies in a Cloud-based era where so many businesses of all sizes depend on good performance.

Other high throughput databases, like the in-memory NoSQL data store, Redis, display similar performance issues due to the patches for Meltdown and Spectre. They also get a subsequent boost in horsepower by using the Linux kernel with PCIDs enabled.

According to the article, these benchmark results don’t necessarily apply in other computing scenarios. Blender, the 3D graphics tool, and the venerable web server Apache don’t receive a performance boost from PCID. The performance impact of the KPTI patch was also smaller.

Other companies, notably Google, are taking steps to protect CPUs from the Meltdown and Spectre exploits without performance issues. Google’s Reptoline especially shows promise, but requires a full recompilation of the OS and all applications. Ultimately, make sure to research these other options to ensure your servers stay protected while maintaining the highest performance possible.

 

Stay tuned to the Betica Blog for additional news and insights from the software development world. Thanks for reading!

2018 Trends in Agile and DevOps

agile-devops

2017 saw Agile remain a preeminent methodology for software development, while DevOps continued to become an industry standard for progressive IT organizations. The New Year is expected to bring more of the same, especially as DevOps matures and companies become more adept at its techniques. What follows is a look at some of the major trends for both frameworks in the upcoming year.

If you are interested in checking out our 2018 trends for software development, simply click on the following link.

Lifecycle Management Software combines Agile and DevOps Approaches

At their core, both Agile and DevOps helps organizations better manage the application lifecycle of their software. In 2018, expect the tools used for lifecycle management to leverage approaches from both frameworks. This isn’t surprising, since we previously discussed how companies already experienced with Agile find it easier to implement DevOps.

Considering pushback against inflexible DevOps tool chains was one of our software development trends for this year, improving the toolset by adding the flexibility typical of Agile makes perfect sense. Keep an eye on enhancements in ALM tools throughout 2018.

Getting Executive Buy-in for DevOps Initiatives becomes Easier

DevOps becoming an industry standard obviously means more companies are spending resources on its adoption. Since executives tend to pay close attention to what their competition is doing, they are likely to be more willing to approve the budget for DevOps projects in 2018.

A recent Gartner study notes that IT-related initiatives are now the second highest priority for executives for this year. This is the highest ranking for technology projects since Gartner began tracking that metric. In short, expect DevOps projects to be the rage all across the technology world over the next 12 months.

Traditional Business Metrics no longer applies to Agile

With Agile becoming more entrenched as a software development methodology, traditional project metrics aren’t as useful for tracking business value. Expect better reporting tools to become more popular for companies using Agile in 2018. Those who also follow DevOps can take advantage of metrics able to track the entire lifecycle from development to deployment to maintenance.

Companies able to combine Agile and DevOps with their strategic planning initiatives stay ahead of the game compared to those firms taking an individual silo-based approach.

Improved DevOps Training helping Companies’ Transformation

Even as DevOps becomes ingrained throughout the business world, good companies still struggle with its adoption. Organizations typically add experienced practitioners of the framework on a temporary basis to help to get up to speed. In 2018, improved DevOps training courses are expected to become more widely available.

It is also reasonable to predict DevOps certifications to become popular as companies look to hire IT pros with the right skills as part of their new initiatives. Considering the growing importance of Information Security throughout the tech world, specialized DevSecOps certifications are another easy bet to make for 2018.

So, keep an eye on these trends throughout the year to see if our predictions came true once 2019 is upon us. Hopefully, your projects over the next 12 months are successful!

Keep coming back to the Betica Blog for additional dispatches and analysis from the constantly changing software development world. Thanks for reading!

2018 Trends in Software Development

2018

Welcome to the New Year! We hope 2018 brings with it prosperity, great code, and bug-free applications. With an eye towards getting the year off on the right foot, here is our look at some of the most prevalent software development trends predicted for the upcoming 12 months.

Perhaps the insights within help trigger an idea or two for your own team’s development efforts. Good luck!

A Growing Need for Blockchain Programmers

Cryptocurrencies like Bitcoin aren’t the only thing built upon the principles of blockchain. Many technology pundits predict the revolutionary disruption of multiple industries over the next few years because of blockchain. In fact, enterprise-level blockchain platforms are now provided by the biggest players in the tech world, including IBM, Microsoft, and Amazon.

Because of this rapid growth, expect the demand for software engineers experienced in blockchain technology to go through the roof. Considering there were only 5,000 programmers in this area as of 2016, this offers a great opportunity for any developer interested in the skill. Expect a robust salary if you are experienced with writing blockchain and cryptocurrency applications.

Information Security continues to dominate the News

News about hacking incidents and other forms of cybercrime fill the news on a daily basis. Companies of all sizes remain interested in hiring software engineers experienced in information security. In the past year, we talked about  the emergence of DevSecOps which illustrates the emphasis on cybersecurity throughout the industry.

Jeff Williams, CTO of Contract Security, commented on the need to improve application security. “Major breaches like Equifax and Uber have shone a light on organizations that are not doing nearly enough to secure their software supply chain. Today, every organization has an Equifax problem and it has created room for even more budget towards improving all aspects of application security,” said Williams.

Adoption of AI and Machine Learning

The influx of artificial intelligence and machine learning algorithms in applications is predicted to become even more prevalent in 2018. AI allows companies to develop smart software better able to serve customers, find actionable information inside a huge data store, or even drive a car.

Expect companies without AI-enabled apps to find it more difficult to compete with those that do. In fact, one study notes that 75 percent of software development companies will embrace AI in their code by the end of this year.

A Backlash against the DevOps Tool Chain?

With DevOps becoming a standard for software development projects,  a backlash was inevitable. While we are looking at 2018 trends in Agile and DevOps next week, some development managers predict some pushback on the methodology’s software tool chain, thus its coverage in this article. Mark Pundsack, head of product at GitLab, comments.

“Developers will begin to demand a more integrated approach to the development process. In 2017, developers voiced frustrations around using multiple tools to complete an entire development life cycle. This frustration will turn to action in 2018 and both developers and enterprises will request an approach that is seamless and effective. As a result, vendors will begin offering integrated toolsets to help developers and enterprises move faster from idea to production,” said Pundsack.

That sounds like better tool integration helps companies properly reach a ROI on their DevOps expenditures. Keep an eye out for those new tools in the coming year.

Thanks for checking out our 2018 Software Development trends. As always, thanks for reading  the Betica Blog!