News from the World of Software Development – January 2018

Welcome to our first news digest of the New Year. We offer a few interesting stories from the software development world from the previous month with a measure of our own analysis. Hopefully, you are able to glean some actionable information from the latest IT news to help inspire your own development efforts.

If you are interested in checking out last December’s digest, simply click on the following link.

Spectre and Meltdown Fallout continues Unabated

Obviously, the kerfuffle surrounding Spectre and Meltdown – and its mitigation – continues to dominate the tech news this month. We covered the story for the first time last week, and have more information to report in this digest. Let’s take a closer look.

Linux creator Linus Torvalds directed some pointed criticism at Intel. He called a set of Intel’s patches for the chip flaw vulnerability “garbage.” Linus continues to be known for his outspoken nature, and this incident is no exception. His opinion was reported by ZDNet as well as other tech media sources.

“They do literally insane things. They do things that do not make sense. And I really don’t want to see these garbage patches just mindlessly sent around,” added Torvalds. This latest outburst comes after a shot at Intel soon after the chip issue first became known.

“I think somebody inside of Intel needs to really take a long hard look at their CPU’s, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed,” said Torvalds.

Spectre and Meltdown caused a delay in the release of the new Linux version, 4.15. Torvalds expects another release candidate instead of the arrival of the final Linux build.

Intel responds to the Criticism

Earlier this Tuesday, Intel responded to Torvalds’ barb. “We take the feedback of industry partners seriously. We are actively engaging with the Linux community, including Linus, as we seek to work together on solutions,” the chipmaker commented.

In a sense, Intel’s attempts to fix their chip flaw are almost worse than the initial problem. This week, The Verge reported on the chipmaker advising users not to install patches released earlier this month. Users reported servers and PCs randomly rebooting after those patches were installed.

“We recommend that OEMs, cloud service providers, system manufacturers, software vendors, and end users stop deployment of current versions on specific platforms, as they may introduce higher than expected reboots and other unpredictable system behavior,” wrote Intel Executive Vice President, Navin Shenoy. Needless to say, pay attention to the news around Spectre and Meltdown to ensure minimal disruption to your company’s operations.

Making Application Design Faster

A new product from MEGA International offers the potential to speed up the software architecture process. HOPEX Application Design fosters a common approach to generating application requirements. It leverages a SOA approach while also using traditional modeling methods like UML.

The tool works seamlessly with both Agile and traditional software development methodologies. It promises to reduce the number of sprints while also delivering a more robust application in the end. If your organization is looking for a new app design tool, HOPEX is likely worth your attention.

That’s it for this edition of the Betica Software Development News Digest. We’ll see you next month. As always, thanks for reading!

The Impact of Spectre and Meltdown on IT Operations



Undoubtedly, the news about the Intel and AMD microprocessor flaws – targeted by exploits known as Meltdown and Spectre – reached your desk over the last few weeks. It is important for these chipmakers to fix the issue, lest those holes provide the means for cybercriminal activity. Unfortunately, some fixes hamper CPU performance, affecting users from the personal to the corporate.

Let’s take a closer look at this important problem that software engineers and their management need to consider. Its impact on the performance of their applications – both deployed and currently in development – is notable.


The CPU Fixes for Meltdown and Spectre

A recent article in TechRepublic analyzed some approaches to fix the CPU architecture flaws used by Meltdown and Spectre. Unfortunately, while these approaches offer a measure of protection to computers powered by these Intel and AMD chips, the performance hits are significant. Software patches or not, a new chip design is ultimately what’s needed for the future.

One patch leverages a technique known as Kernel Page Table Isolation (KPTI). TechRepublic’s James Sanders notes early reports stating a 30 percent performance degradation due to the patch. He feels this number is exaggerated compared to real world usage scenarios.

The KPTI approach essentially keeps separate page tables for user space and kernel space. Naturally, this comes with a subsequent performance cost. Sanders feels the use of process-context identifiers (PCIDs) helps to mitigate the issue. The problem involves the lack of support for PCIDs in the most recent versions of Linux.

He mentions a few recent benchmarks analyzing server performance on Linux boxes with KPTI enabled. Some of these tests involved running PostgreSQL processes, which should be relevant to many of our readers.
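To see which of these cases a given x86 Linux server falls into, the sketch below classifies KPTI and PCID state from two standard kernel interfaces. It is an added example, not from TechRepublic or the original post; the function names and the sample flag strings are constructed for illustration.

```sh
#!/bin/sh
# Added example: report KPTI and PCID state for an x86 Linux host.

# has_flag FLAG "FLAG LIST": succeed if FLAG is a whole word in the list.
has_flag() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# classify_kpti "CPU FLAGS" "MELTDOWN STATUS"
#   CPU FLAGS: text after the colon on a "flags" line of /proc/cpuinfo.
#   MELTDOWN STATUS: contents of the sysfs meltdown file, "" if absent.
classify_kpti() {
    flags=$1
    status=$2
    case $status in
        "Not affected"*)    echo "not-affected"; return 0 ;;
        "Mitigation: PTI"*) kpti=on ;;
        "Vulnerable"*)      kpti=off ;;
        *)  # No sysfs report (older kernel): use the synthetic "pti" flag.
            if has_flag pti "$flags"; then kpti=on; else kpti=unknown; fi ;;
    esac
    # "pcid" shows CPU support only; the running kernel must also use it.
    if has_flag pcid "$flags"; then pcid=yes; else pcid=no; fi
    echo "kpti=$kpti pcid=$pcid"
}

# Read the live values; both print nothing if the file is missing.
host_flags() {
    sed -n 's/^flags[[:space:]]*:[[:space:]]*//p' /proc/cpuinfo 2>/dev/null | head -n 1
}
host_status() {
    cat /sys/devices/system/cpu/vulnerabilities/meltdown 2>/dev/null || true
}

# Constructed samples, not captured from real hosts.
OLD_CPU_FLAGS='fpu vme de pse tsc msr pae pti'
NEW_CPU_FLAGS='fpu vme de pse tsc msr pae pcid invpcid pti'

classify_kpti "$OLD_CPU_FLAGS" "Mitigation: PTI"   # kpti=on pcid=no
classify_kpti "$NEW_CPU_FLAGS" "Mitigation: PTI"   # kpti=on pcid=yes
classify_kpti "$(host_flags)" "$(host_status)"     # this machine
```

A result of kpti=on pcid=no is the KPTI-without-PCID configuration, the one where the higher overhead is reported.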


Fixes for Intel Chip Flaws impact PostgreSQL Performance

Developer Andres Freund ran a few Postgres processes on servers using KPTI without PCID enabled. His full set of benchmarks is available here. Notably, the results showed a performance hit of anywhere from 7-17 percent to 16-23 percent, depending on the workload of the individual process.

Sanders feels changing to a Linux kernel with PCID support helps to mitigate the degradation in performance. Still, this causes extra work for network administrators ultimately due to a mistake in chip architecture from the two leading manufacturers in the industry. This reflects poorly on both companies in a Cloud-based era where so many businesses of all sizes depend on good performance.

Other high throughput databases, like the in-memory NoSQL data store, Redis, display similar performance issues due to the patches for Meltdown and Spectre. They also get a subsequent boost in horsepower by using the Linux kernel with PCIDs enabled.

According to the article, these benchmark results don’t necessarily apply in other computing scenarios. Blender, the 3D graphics tool, and the venerable web server Apache don’t receive a performance boost from PCID. The performance impact of the KPTI patch was also smaller.

Other companies, notably Google, are taking steps to protect CPUs from the Meltdown and Spectre exploits without performance issues. Google’s Retpoline especially shows promise, but requires a full recompilation of the OS and all applications. Ultimately, make sure to research these other options to ensure your servers stay protected while maintaining the highest performance possible.


Stay tuned to the Betica Blog for additional news and insights from the software development world. Thanks for reading!