Windows update KB4090007 for Windows 10

The wait for BIOS updates for Intel processors from 2013 and 2014 is over. The latest version of the optional Windows update KB4090007 from 24.04.2018 not only brings microcode updates for Coffee Lake (Core i-8000), Kaby Lake (i-7000) and Skylake (i-6000), but also for Broadwell (i-5000) and Haswell (i-4000). The update is available for both 32-bit and 64-bit versions of Windows 10 – but can still only be downloaded from the Windows Update Catalog via an unsecured HTTP connection. However, Windows 10 computers with Intel Atom processors still require BIOS updates.

The update also solves another problem: BIOS updates with supposedly new microcode updates have been released for some systems since December 2017, but the PowerShell script Get-SpeculationControl still reports no BTI protection.
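One way to check the situation described above on a Windows 10 machine, as an added example that is not part of the original article: it compares the microcode revision supplied by the BIOS with the one Windows is running and reads the BTI fields from Microsoft's SpeculationControl module. The registry value layout and the presence of that module (its cmdlet is Get-SpeculationControlSettings) are assumptions.

```powershell
# Added example (not from the original article): confirm the running microcode
# and the reported Spectre variant 2 (BTI) status after installing KB4090007.

function Convert-MicrocodeRevision {
    param([byte[]]$Raw)
    # Assumption: the value is an 8-byte REG_BINARY whose upper four bytes
    # hold the little-endian microcode revision (commonly observed on Intel CPUs).
    if ($null -eq $Raw -or $Raw.Length -lt 8) { return $null }
    return [BitConverter]::ToUInt32($Raw, 4)
}

function Format-Revision($Value) {
    if ($null -eq $Value) { 'unknown' } else { '0x{0:X}' -f $Value }
}

# "Previous Update Revision" is what the BIOS loaded at boot,
# "Update Revision" is what the CPU is running after Windows has started.
$cpu     = Get-ItemProperty 'HKLM:\HARDWARE\DESCRIPTION\System\CentralProcessor\0'
$bios    = Convert-MicrocodeRevision $cpu.'Previous Update Revision'
$running = Convert-MicrocodeRevision $cpu.'Update Revision'

# Get-HotFix returns nothing if the update is not installed.
$hotfix = Get-HotFix -Id 'KB4090007' -ErrorAction SilentlyContinue

# The SpeculationControl module is optional; report its absence instead of failing.
$spec = $null
if (Get-Command Get-SpeculationControlSettings -ErrorAction SilentlyContinue) {
    $spec = Get-SpeculationControlSettings
}

[pscustomobject]@{
    Processor           = $cpu.ProcessorNameString
    BiosMicrocode       = Format-Revision $bios
    RunningMicrocode    = Format-Revision $running
    OsLoadedNewerUpdate = ($null -ne $bios -and $null -ne $running -and $running -gt $bios)
    KB4090007Installed  = [bool]$hotfix
    BTIHardwarePresent  = if ($spec) { $spec.BTIHardwarePresent } else { 'module missing' }
    BTIWindowsEnabled   = if ($spec) { $spec.BTIWindowsSupportEnabled } else { 'module missing' }
}
```

If `BTIHardwarePresent` is false even though a BIOS update was applied, the running microcode does not expose the branch-control features, which is the case the article describes.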

Meltdown patches for Windows 7

Microsoft does not provide microcode updates for Windows 7 via Windows Update – BIOS updates are still required here. At the end of March, there were serious problems with the patches for the 64-bit versions of Windows 7 against the Meltdown vulnerability, which became known as “Total Meltdown”. However, anyone who has applied the patches from the beginning (early March) is protected against Total Meltdown.

A PoC (proof of concept) has been published that lets you check whether you are protected against Total Meltdown.

Source: heise

Read the first part on Spectre and Meltdown

Read the first update on Spectre and Meltdown

  1. Intel points out that microcode updates are now available for all processors released in the last five years.
  2. Intel has also worked very closely with antivirus software providers to ensure compatibility.

Intel also announced on its website that the hardware design of new processors has been changed to protect them against the second variant of Spectre and Meltdown – there is currently no solution for Spectre variant 1. According to Intel, these innovations create obstacles for potential attackers through additional protective walls – on the one hand between running applications and on the other between processes with different access rights.

According to Brian Krzanich, the first processors that will have this new hardware protection – Intel is talking about eighth-generation Core i processors, among others – will probably be released in the second half of 2018. It is still unclear exactly which processor series is meant, as the “Ice Lake” processors were intended to be the ninth Core i generation. It is possible that there will be an “intermediate generation” codenamed “Whiskey Lake”.

To the previous Spectre and Meltdown article

How does Power over Ethernet work?

More and more devices, including our RUGGED T1000, for example, have the PoE function. Ethernet not only occupies a leading position for local network cabling, but also for security networks. Power over Ethernet eliminates the need for a separate power connection and the classic plug-in power supply units. Instead, the device draws its power from the data network. In addition to the data signals, power is also fed into the data line – usually at a central point in the network distributor.

Where is Power over Ethernet needed?

PoE is often found with devices that would normally have to be connected to different sockets with different cables. Power over Ethernet is a particularly suitable solution for areas of application in which a high level of security is required for the data connection, for example for (surveillance) cameras or servers.

What PoE standards are there and what do the PoE classes stand for?

Today, Power over Ethernet usually refers to the IEEE standard 802.3af-2003 (“DTE Power over MDI”), which was adopted in June 2003. There is now a newer standard IEEE 802.3at-2009, which was previously known as PoE+ or PoE plus. This increases the maximum power output from 15.4 W to 25.5 W.
All devices that are supplied with power via PoE or PoE+ are assigned a class of 0-4. The class depends on the level of power consumption of the appliance. The devices assigned to classes 1, 2 and 3 require only a very low, low or medium amount of power, whereas class 4 (PoE+) requires a high amount of power and is only compatible with PoE+ PSE devices. As soon as a Powered Device (PD) device is connected to a Power Sourcing Equipment (PSE) device, it transmits the class to the PSE device so that it can provide the correct amount of power.

What are the advantages of Power over Ethernet?

The main advantage of Power over Ethernet is that a power supply cable is not required. This makes it possible to install Ethernet-connected devices in places that are difficult to access, such as server cabinets. On the one hand, this saves installation costs and, on the other hand, the reliability of the device can be increased by implementing a central uninterruptible power supply (UPS).

Configure the RUGGED T1000 now!

Discover all spo-comm Mini-PCs

History of Spectre and Meltdown

Since the beginning of the year, one topic has been causing a lot of excitement in the IT world: The processor problems Meltdown and Spectre were uncovered. The CPUs at risk are mainly from Intel, but AMD and smartphone chips from Apple and Samsung, for example, are also affected. Intel was already informed about these security vulnerabilities in June 2017, but only made this public at the beginning of January 2018.

Processor gap: What happens?

The security gaps in the processors allow attackers who exploit them cleverly to access sensitive data. Modern processors rely on so-called out-of-order execution: instructions are executed speculatively, and data that will presumably be required is loaded into the caches. In the program flow, however, it is possible that these instructions are not executed after all because the speculation was incorrect. It is precisely this speculative execution of instructions that makes the discovered attack scenarios possible.

Which CPUs are affected?

Intel in particular has suffered from the security gaps that have been discovered. Processors of the Core generation since 2008 are affected, but also the Intel Atom C, E, A, x3 and Z series as well as the Celeron and Pentium J and N series.

The official Intel page on this topic and a list of all affected Intel processors can be found here.

Google also took a stand and published that processors from AMD and ARM are also affected. Although Android systems are affected, they have been protected since the last security update on January 2. Apple is also said to have already closed some of the gaps with an earlier update and plans to follow up with further fixes with the update to 10.3.3.

You can find AMD’s official page on this topic here.

What measures are there against Spectre and Meltdown?

The security loopholes can be solved by extensive security patches for all existing operating systems. However, there is currently chaos here: BIOS updates with CPU microcode updates are only distributed by a few manufacturers. Microsoft has already withdrawn a Windows patch for older systems. But even Apple only vaguely explains what happens to Macs from the years before 2010 on which macOS High Sierra does not run.

According to some information, which has not been confirmed by Intel, AMD or other manufacturers, the security updates that are distributed are said to slow down older (i.e. pre-2013) and weaker processors more than modern ones. For desktop PCs, notebooks and tablets – with the latest processors and Windows 10 – performance drops only minimally. However, Microsoft expects significantly higher performance losses on Windows 7 PCs with older CPUs. The most noticeable effects can be found on systems with Intel processors and fast SSDs (especially PCIe SSDs with NVM protocol), if the microcode update has been installed in addition to the Windows update.

You can find the official Microsoft page here.

To the Microsoft Security TechCenter

Fake BSI emails about security updates

Beware of fake emails about alleged Spectre and Meltdown updates. The e-mails written in the name of the BSI (Federal Office for Information Security) inform you that your end device is vulnerable and try to persuade you to install a supposed update. You can find an example of such a fake e-mail here.

Affected spo-comm Mini-PCs

Together with our partners, we are always looking for and testing solutions. As soon as reliable information is available from Intel or Microsoft, we can provide suitable updates.

These spo-books are NOT affected as things stand at present:

– spo-book WINDBOX II
– spo-book WINDBOX II Plus
– spo-book BRICK MSE45
– spo-book BRICK NM10
– spo-book TURO GM45
– spo-book NOVA GM45
– spo-book BOX NM10
– spo-book FLUKE NM10
– spo-book iDESK
– spo-book MOVE NM10
– spo-book RUGGED NM10
– spo-book MOVE T56N
– spo-book RUGGED T56N
– spo-book ION 2
– spo-book ION 3
– spo-book POS NM10
– spo-book POS NM10 slim
– spo-book SQUARE 15
– spo-book TECH 92F
– spo-book UNO NM10
– spo-book WINDBOX III

With regard to the Spectre and Meltdown issues, spo-comm:

– Always follow the updates from Intel, AMD & Microsoft.
– Check the updates first on test computers in the deployment scenario before installing them on live systems.
– For older devices, test the security patches and check the performance, as the updates may result in performance losses.
– Exercise extreme caution with BSI emails, as they may be fake.

Read our latest What’s New article

CPU issues “Spectre” and “Meltdown”

Since the beginning of the year, the IT industry has been preoccupied with one topic in particular: the Meltdown and Spectre security vulnerabilities discovered in processors, which primarily affect Intel processors. By cleverly exploiting these gaps, attackers can use malicious code to read data that the computer processes in memory – including passwords. We at spo-comm are also working intensively on the current problems and their solutions.

You will also soon find a news ticker on our website where you can find out everything you need to know about the above-mentioned security vulnerabilities. So you are always up to date! You can also find out which of our devices are affected and what we are doing about it.

No more surcharging: no more extra costs for cashless payments

Since January 13, 2018, merchants across the EU have been prohibited from charging extra fees for cashless payment methods. This so-called “surcharging” was used when a customer wanted to pay in an online store by credit card, SEPA direct debit or bank transfer, for example. Although not initially affected by the “surcharging” ban, PayPal is also changing its terms and conditions as of January 9, 2018, which now state that merchants are not entitled to “charge a fee for using PayPal services as a payment method in your online store”.

For spo-comm customers this means: You want to buy the systems via our online store and pay by credit card or PayPal? Even if the new regulations apply to the B2C sector, you will no longer pay any separate fees for this.

Our spo-comm online store

New DIN RAILS for our BRICK range

DIN rails are now also available for our BRICK series. These brackets are attached to the matching VESA wall bracket with two screws each, allowing these Mini PCs to be installed in server cabinets, etc. They can be selected directly as an accessory when configuring your Mini PC.

An old hand: The analog VGA connection

If we were talking about Indian tribes today, the VGA connection would definitely be the oldest. Because it has been around since 1987. Even if it is slowly dying out, it is still widespread.

VGA stands for Video Graphics Array and is a purely analog interface in which analog signals must first be converted into digital signals. Although this interface was the undisputed standard for around 20 years, it has some disadvantages. The connection was originally designed for a maximum resolution of 640×480 pixels. Nowadays, however, Full HD images can also be output using modern computing methods. However, cables that are too long as well as strong sources of interference can significantly impair the quality of the image, which is why the VGA connection has been replaced by technically more complex interfaces over the years.

Advantage of VGA:      

  • Widespread connection

Disadvantages of VGA:    

  • Only a maximum resolution of 1920 x 1200 possible
  • Only analog, no digital signal transmission
  • Reacts sensitively to disruptive factors such as long cables
  • Only image transmission possible

Digital for the first time: The DVI connection

The successor to the VGA interface is the “Digital Video Interface” – or DVI for short. With the DVI interface, it is possible for the first time to exchange higher resolutions purely digitally. This is achieved by using the so-called TMDS (“Transition-Minimized Differential Signaling”) standard, which eliminates the electromagnetic interference common in analogue signals. Although the name of this interface does not suggest it, a so-called DVI-A connector can still be used to transmit purely analog signals if desired. If the standard – a DVI-D connector – is used, the signal is digital and content can be displayed with a resolution of up to 2560×1600 pixels and a frame rate of 100 Hz. The combination of digital and analog signals is also possible with this interface: all you need is a DVI-I connector, where the number of pins increases but the resolution remains the same as that of the DVI-D connector.

Advantages of DVI:   

  • Digital image transmission
  • Compatible with VGA and HDMI

Disadvantages of DVI:  

  • From today’s perspective: “Only” transferable up to two times 1920 x 1200
  • As with VGA: only image transmission possible

HDMI – Digital sound and image material up to 4K and 3D

The HDMI interface is the direct further development of the DVI interface and is probably the best-known candidate in our round-up today. HDMI, which stands for “High Definition Multimedia Interface”, has established itself particularly in the console and home cinema sector.

Using a single HDMI cable, digital sound can be exchanged between two devices in parallel with digital video signals. The HDMI 2.0 standard now also transmits 2160 signals at 60Hz for 4K UHD material and also supports a 1080p resolution of 48Hz for 3D material (see also “What is the difference between Full HD, UHD and 4K?”). The latest version of the HDMI interface has three different connector variants, of which HDMI type A is the standard connector. Type C, the so-called mini-HDMI, is suitable for applications where space is particularly limited. For ultra-mobile applications, the Type D Micro-HDMI is ideal, as it takes up very little space.

Advantages of HDMI:   

  • “2 in 1”: Both sound and image transmission possible.
  • Space-saving
  • Built-in copy protection (HDCP)
  • Easy to plug in and unplug

Disadvantage of HDMI:   

  • Not quite as durable as DVI due to its nature

The better HDMI connection? – The DisplayPort

The DisplayPort interface is a license-free connection standard which, just like HDMI, can transmit image and sound signals symmetrically. This was standardized by the VESA (Video Electronics Standards Association) and is intended to make the VGA and DVI connections completely superfluous. Just like DVI and HDMI, DisplayPort is also a digital interface, but is more commonly used in modern computer monitors and graphics cards. The DisplayPort data transmission method is even better protected against interference, which enables a maximum resolution of 5K, i.e. 5120×2880 pixels at a refresh rate of 60 full frames per second.

Advantages of DisplayPort:  

  • Cheaper in end use, as license-free
  • Not susceptible to interference due to transmission via micro-packets
  • Cable length up to 15 meters
  • No disadvantages

Discover all spo-comm Mini-PCs

What does the term VESA mean?

The term VESA stands for “Video Electronics Standards Association” and is based on the organization of the same name, which has standardized the requirements for mounts on walls, ceilings and displays, among other things.

How do I determine a VESA standard?

A VESA standard can be easily determined by measuring both the horizontal and vertical distance between the screw holes (from center to center) on the back of a monitor/PC in millimeters.

What VESA standards are there?

As many monitors/PCs have the same standard, VESA has defined three standards.

– VESA MIS-D
Hole pattern: 75×75 mm or 100×100 mm
>24″ screen size

– VESA MIS-E
Hole pattern: 200×100 mm and/or 200×200 mm

– VESA MIS-F
Variable hole pattern: 400×200 mm; 400×400 mm; 600×200 mm; 600×400 mm; 800×400 mm
>31″ screen size

Which spo-books are VESA-compatible?

– BOX N2390
– CORE 2
– MOVE N3160
– WINDBOX II Quad
– WINDBOX III EVO
– NANO H310
– BRICK J3455E
– BRICK i3-7100U
– KUMO V

Do you have questions about the VESA mount or our spo-books? Our support staff will be happy to help you!

Contact spo-comm

 

Discover spo-comm Mini-PCs

Intel Thunderbolt 3: One for all

Thunderbolt 3 is a multifunctional interface that is directly compatible with USB Type-C, but also supports DisplayPort and PCIe. For example, external graphics cards can be connected via PCI Express. Corresponding connection cables enable various screen inputs to be addressed. Thanks to a transfer speed of up to 40 Gbit/s, 4K resolution can even be played back twice while data is still being transferred via USB 3.1. In order to promote the spread of the interface, Intel has now announced that it will make the standard license-free and release the specifications for the industry.

Not all SSDs are the same: The interfaces

For a long time, the SATA interface was the standard for SSDs. However, as SSDs work differently to HDDs, for which SATA was originally developed, an increase in speed is no longer possible and a completely new protocol is required. Depending on which interfaces the respective PC provides, SSDs with SATA 6G, its further development SATA Express (SATAe), m.2 or PCI Express (PCIe) can be used. More information on these interfaces can be found here.

In addition to M.2 and 2.5″: New “Ruler” SSD format

Intel recently introduced a new form factor for SSDs, previously known as “Ruler”. As the name suggests, this is a long, flat bar. Thanks to the dimensions of 325.35 x 36.8 x 9.5 mm, up to 32 Ruler SSDs fit into a server with a height of 1U. With a planned capacity of 32 TB per SSD (currently still 16 TB), such a rack server would achieve a storage capacity of 1 PB (petabyte). The first SSDs in the new “Ruler” format should be on the market by the end of the year, and there may also be modules with double the height.

Memory prices remain high: alternatives to DRAM sought

It is now widely known that storage prices have risen considerably in recent months. Unfortunately, there is still no end in sight – this is expected to continue in 2018 – as the most important manufacturers are devoting more and more of their production capacity to server and smartphone memory. Solutions to the problematic memory shortage would be, for example, a more efficient architecture or adapting the firmware and software to improve and intensify the use of the available memory. More thoughts on the subject can be found here:

More on this topic

A power failure is always bad for PCs and server systems. Even short failures in the millisecond range are enough to switch off electronic devices abruptly. As a result, ongoing processes are simply aborted and unsaved data is lost. To protect against this, a so-called UPS (abbreviation for uninterruptible power supply) is often used. These emergency power generators can supply devices with battery power in the event of a power failure. However, they are usually quite expensive, large and unwieldy.

Built-in battery instead of UPS

An alternative to the UPS are PCs with a built-in battery, such as those in the spo-comm MOVE and RUGGED series. With this optional addition, your Mini PC is supplied with power for up to 10 minutes in the event of a power failure. So there is enough time to bridge the outage or to back up running applications and close them cleanly. To make things even easier, you can configure the BIOS to automatically complete all save operations and then shut down the industrial PC properly.

This is also interesting for use in vehicles for which the MOVE series was originally designed. If the vehicle PC is equipped with a battery, a sudden switch-off or stalling of the engine has no negative consequences for the ongoing computing processes.

Discover the MOVE series from spo-comm

 

Discover the RUGGED series from spo-comm

Almost ready: PCI Express 4.0

The next PCIe generation is nearing completion: the PCI-SIG (Peripheral Component Interconnect Special Interest Group) standardization committee has now presented version 0.9 of the new 4.0 standard, which is intended to double the data rate compared to the current PCIe 3.0. However, it may be 2019 before PCIe 4.0 is actually installed in systems. Nevertheless, the PCI-SIG has already held out the prospect of the 5.0 standard with a further doubling of bandwidth. We are curious to see when this will be available in our Mini PCs.

Price of graphics cards increases: KUMO IV not affected

Due to the current mining hype surrounding the cryptocurrency Ethereum, powerful mid-range graphics cards such as Geforce GTX 1060 and 1070 as well as Radeon RX 580 and 570 are virtually sold out and, if at all, only available at extremely high prices. Fortunately, our high-end mini PC KUMO IV is not affected by this. The GTX 1060 is already integrated on the mainboard.

Even faster: USB 3.2 announced

A new standard was recently introduced by the USB 3.0 Promoter Group. USB 3.1 will now be followed by USB 3.2, which should double the data rates to 20 Gbit/s. To achieve these transmission rates, all devices and cables must of course comply with the new standard. However, it may be another year before the first devices are equipped with USB 3.2 ports. However, the goal of the new version is already clear: the flexible USB Type-C port is set to become the standard in the PC industry and replace the widely used Type-A interface. Will it be that easy? We will be surprised.

Simple commissioning: quick guides for spo-comm Mini-PCs

Anyone who needs help with commissioning or assembling their Mini-PC, or wants to make BIOS settings such as Wake On LAN or Restore on AC Power Loss, can now get simple help. Quick guides are now available for almost all spo-comm Mini-PCs. These can be downloaded from the respective product page under the “Product Details & Downloads” tab and can also be found on the driver sticks.