History of Spectre and Meltdown

Since the beginning of the year, one topic has been causing a lot of excitement in the IT world: The processor problems Meltdown and Spectre were uncovered. The CPUs at risk are mainly from Intel, but AMD and smartphone chips from Apple and Samsung, for example, are also affected. Intel was already informed about these security vulnerabilities in June 2017, but only made this public at the beginning of January 2018.

Processor gap: What happens?

The security gaps in the processors allow attackers to access sensitive data. Modern processors rely on so-called out-of-order execution: instructions are executed speculatively, and data that will presumably be required is loaded into the caches. If the speculation turns out to be wrong, the program flow never actually executes those instructions. It is precisely this speculative execution of instructions that makes the discovered attack scenarios possible.

Which CPUs are affected?

Intel in particular has suffered from the security gaps that have been discovered. Processors of the Core generation since 2008 are affected, but also the Intel Atom C, E, A, x3 and Z series as well as the Celeron and Pentium J and N series.

The official Intel page on this topic and a list of all affected Intel processors can be found here.

Google also took a stand and published that processors from AMD and ARM are also affected. Although Android systems are affected, they have been protected since the last security update on January 2. Apple is also said to have already closed some of the gaps with an earlier update and plans to follow up with further fixes with the update to 10.3.3.

You can find AMD’s official page on this topic here.

What measures are there against Spectre and Meltdown?

The security gaps can be closed by extensive security patches for all existing operating systems. However, the situation is currently chaotic: BIOS updates with CPU microcode updates are being distributed by only a few manufacturers, and Microsoft has already withdrawn a Windows patch for older systems. Apple, too, explains only vaguely what happens to Macs from the years before 2010 on which macOS High Sierra does not run.

According to some information, which has not been confirmed by Intel, AMD or other manufacturers, the security updates being distributed are said to slow down older (i.e. pre-2013) and weaker processors more than modern ones. On desktop PCs, notebooks and tablets with the latest processors and Windows 10, performance drops only minimally. However, Microsoft expects significantly higher performance losses on Windows 7 PCs with older CPUs. The most noticeable effects are found on systems with Intel processors and fast SSDs (especially PCIe SSDs with NVM protocol) if the microcode update has been installed in addition to the Windows update.

You can find the official Microsoft page here.


Fake BSI emails about security updates

Beware of fake emails about alleged Spectre and Meltdown updates. The emails, written in the name of the BSI (Federal Office for Information Security), claim that your end device is vulnerable and try to persuade you to install a supposed update. You can find an example of such a fake email here.

Affected spo-comm Mini-PCs

Together with our partners, we are always looking for and testing solutions. As soon as reliable information is available from Intel or Microsoft, we can provide suitable updates.

These spo-books are NOT affected as things stand at present:

–    spo-book WINDBOX II
–    spo-book WINDBOX II Plus
–    spo-book BRICK MSE45
–    spo-book BRICK NM10
–    spo-book TURO GM45
–    spo-book NOVA GM45
–    spo-book BOX NM10
–    spo-book FLUKE NM10
–    spo-book iDESK
–    spo-book MOVE NM10
–    spo-book RUGGED NM10
–    spo-book MOVE T56N
–    spo-book RUGGED T56N
–    spo-book ION 2
–    spo-book ION 3
–    spo-book POS NM10
–    spo-book POS NM10 slim
–    spo-book SQUARE 15
–    spo-book TECH 92F
–    spo-book UNO NM10
–    spo-book WINDBOX III

With regard to the Spectre and Meltdown issues, spo-comm recommends:

– Always follow the updates from Intel, AMD & Microsoft.
– Check the updates on test computers in the deployment scenario first before installing them on live systems.
– For older devices, test the security patches and check the performance, as the updates may result in performance losses.
– Exercise extreme caution with BSI emails, as they may be fake.
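
One way to verify on a Linux test computer that the patches and microcode updates mentioned above have actually taken effect, as an added example that is not spo-comm's or any vendor's own code. It assumes a Linux kernel that provides the /sys/devices/system/cpu/vulnerabilities directory; the sample status lines are constructed and are used only when that directory is missing.

```python
#!/usr/bin/env python3
"""Report Meltdown/Spectre mitigation status as exposed by the Linux kernel."""
from pathlib import Path

# Assumption: the running kernel exposes one status file per issue here.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
ISSUES = ("meltdown", "spectre_v1", "spectre_v2")

# Constructed sample contents, used only when SYSFS_DIR does not exist.
SAMPLE = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Vulnerable\n",
}


def classify(text):
    """Map one status line to a (state, detail) tuple."""
    line = text.strip()
    if line == "Not affected":
        return ("not_affected", "")
    if line.startswith("Mitigation:"):
        return ("mitigated", line.split(":", 1)[1].strip())
    if line.startswith("Vulnerable"):
        # The kernel may append details, e.g. "Vulnerable, IBPB: disabled".
        return ("vulnerable", line[len("Vulnerable"):].lstrip(":, ").strip())
    return ("unknown", line)


def read_status(sysfs_dir=SYSFS_DIR):
    """Read every issue file; a missing file means the kernel reports nothing."""
    status = {}
    for issue in ISSUES:
        try:
            status[issue] = classify((Path(sysfs_dir) / issue).read_text())
        except OSError:
            status[issue] = ("not_reported", "")
    return status


def needs_attention(status):
    """Return the issues that are neither mitigated nor 'not affected'."""
    ok = {"mitigated", "not_affected"}
    return sorted(i for i, (state, _) in status.items() if state not in ok)


def format_report(status):
    """Build one aligned text line per issue."""
    return [f"{issue:<11} {state:<13} {detail}".rstrip()
            for issue, (state, detail) in sorted(status.items())]


if __name__ == "__main__":
    if SYSFS_DIR.is_dir():
        current = read_status()
    else:
        current = {k: classify(v) for k, v in SAMPLE.items()}
    print("\n".join(format_report(current)))
    pending = needs_attention(current)
    print("needs attention:", ", ".join(pending) or "none")
    raise SystemExit(1 if pending else 0)
```

The non-zero exit code lets the check run before and after patching in a rollout script, so a test machine that still reports an unmitigated issue blocks deployment to live systems.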


CPU issues “Spectre” and “Meltdown”

Since the beginning of the year, the IT industry has been preoccupied with one topic in particular: the Meltdown and Spectre security vulnerabilities discovered in processors, which primarily affect Intel processors. By cleverly exploiting these gaps, attackers can use malicious code to read data that the computer processes in memory – including passwords. We at spo-comm are also working intensively on the current problems and their solutions.

You will also soon find a news ticker on our website where you can find out everything you need to know about the above-mentioned security vulnerabilities. So you are always up to date! You can also find out which of our devices are affected and what we are doing about it.

No more surcharging: no more extra costs for cashless payments

Since January 13, 2018, merchants across the EU have been prohibited from charging extra fees for cashless payment methods. This so-called “surcharging” was used when a customer wanted to pay in an online store by credit card, SEPA direct debit or bank transfer, for example. Although not initially affected by the “surcharging” ban, PayPal is also changing its terms and conditions as of January 9, 2018, which now state that merchants are not entitled to “charge a fee for using PayPal services as a payment method in your online store”.

For spo-comm customers this means: You want to buy the systems via our online store and pay by credit card or PayPal? Even if the new regulations apply to the B2C sector, you will no longer pay any separate fees for this.


New DIN RAILS for our BRICK range

DIN rails are now also available for our BRICK series. These brackets are attached to the matching VESA wall bracket with two screws each, allowing these Mini PCs to be installed in server cabinets, etc. They can be selected directly as an accessory when configuring your Mini PC.

An old hand: The analog VGA connection

If we were talking about Indian tribes today, the VGA connection would definitely be the oldest. Because it has been around since 1987. Even if it is slowly dying out, it is still widespread.

VGA stands for Video Graphics Array and is a purely analog interface in which analog signals must first be converted into digital signals. Although this interface was the undisputed standard for around 20 years, it has some disadvantages. The connection was originally designed for a maximum resolution of 640×480 pixels. Nowadays, however, Full HD images can also be output using modern computing methods. However, cables that are too long as well as strong sources of interference can significantly impair the quality of the image, which is why the VGA connection has been replaced by technically more complex interfaces over the years.

Advantage of VGA:      

  • Widespread connection

Disadvantages of VGA:    

  • Only a maximum resolution of 1920 x 1200 possible
  • Only analog, no digital signal transmission
  • Reacts sensitively to disruptive factors such as long cables
  • Only image transmission possible

Digital for the first time: The DVI connection

The successor to the VGA interface is the “Digital Video Interface” – or DVI for short. With the DVI interface, it is possible for the first time to exchange higher resolutions purely digitally. This is achieved by using the so-called TMDS (“Transition-Minimized Differential Signaling”) standard, which eliminates the electromagnetic interference common in analogue signals. Although the name of this interface does not suggest it, a so-called DVI-A connector can still be used to transmit purely analog signals if desired. If the standard – a DVI-D connector – is used, the signal is digital and content can be displayed with a resolution of up to 2560×1600 pixels and a frame rate of 100 Hz. The combination of digital and analog signals is also possible with this interface: all you need is a DVI-I connector, where the number of pins increases but the resolution remains the same as that of the DVI-D connector.

Advantages of DVI:   

  • Digital image transmission
  • Compatible with VGA and HDMI

Disadvantages of DVI:  

  • From today’s perspective: “Only” transferable up to two times 1920 x 1200
  • As with VGA: only image transmission possible

HDMI – Digital sound and image material up to 4K and 3D

The HDMI interface is the direct further development of the DVI interface and is probably the best-known candidate in our round-up today. HDMI, which stands for “High Definition Multimedia Interface”, has established itself particularly in the console and home cinema sector.

Using a single HDMI cable, digital sound can be exchanged between two devices in parallel with digital video signals. The HDMI 2.0 standard now also transmits 2160p signals at 60 Hz for 4K UHD material and also supports a 1080p resolution at 48 Hz for 3D material (see also “What is the difference between Full HD, UHD and 4K?”). The latest version of the HDMI interface has three different connector variants, of which HDMI type A is the standard connector. Type C, the so-called mini-HDMI, is suitable for applications where space is particularly limited. For ultra-mobile applications, the Type D Micro-HDMI is ideal, as it takes up very little space.

Advantages of HDMI:   

  • “2 in 1”: Both sound and image transmission possible.
  • Space-saving
  • Built-in copy protection (HDCP)
  • Easy to plug in and unplug

Disadvantage of HDMI:   

  • Not quite as durable as DVI due to its nature

The better HDMI connection? – The DisplayPort

The DisplayPort interface is a license-free connection standard which, just like HDMI, can transmit image and sound signals symmetrically. This was standardized by the VESA (Video Electronics Standards Association) and is intended to make the VGA and DVI connections completely superfluous. Just like DVI and HDMI, DisplayPort is also a digital interface, but is more commonly used in modern computer monitors and graphics cards. The DisplayPort data transmission method is even better protected against interference, which enables a maximum resolution of 5K, i.e. 5120×2880 pixels at a refresh rate of 60 full frames per second.

Advantages of DisplayPort:  

  • Cheaper in end use, as license-free
  • Not susceptible to interference due to transmission via micro-packets
  • Cable length up to 15 meters
  • No disadvantages


What does the term VESA mean?

The term VESA stands for “Video Electronics Standards Association” and is based on the organization of the same name, which has standardized the requirements for mounts on walls, ceilings and displays, among other things.

How do I determine a VESA standard?

A VESA standard can be easily determined by measuring both the horizontal and vertical distance between the screw holes (from center to center) on the back of a monitor/PC in millimeters.

What VESA standards are there?

As many monitors/PCs have the same standard, VESA has defined three standards.

–    VESA MIS-D
Hole pattern: 75×75 mm or 100×100 mm
>24″ screen size

–    VESA MIS-E
Hole pattern: 200×100 mm and/or 200×200 mm

–    VESA MIS-F
Variable hole pattern: 400×200 mm; 400×400 mm; 600×200 mm; 600×400 mm; 800x400mm
>31″ screen size

Which spo-books are VESA-compatible?

–    BOX N2390
–    CORE 2
–    MOVE N3160
–    WINDBOX II Quad
–    WINDBOX III EVO
–    NANO H310
–    BRICK J3455E
–    BRICK i3-7100U
–    KUMO V

Do you have questions about the VESA mount or our spo-books? Our support staff will be happy to help you!


Intel Thunderbolt 3: One for all

Thunderbolt 3 is a multifunctional interface that is directly compatible with USB Type-C, but also supports DisplayPort and PCIe. For example, external graphics cards can be connected via PCI Express. Corresponding connection cables enable various screen inputs to be addressed. Thanks to a transfer speed of up to 40 Gbit/s, 4K resolution can even be played back twice while data is still being transferred via USB 3.1. In order to promote the spread of the interface, Intel has now announced that it will make the standard license-free and release the specifications for the industry.

Not all SSDs are the same: The interfaces

For a long time, the SATA interface was the standard for SSDs. However, as SSDs work differently from HDDs, for which SATA was originally developed, a further increase in speed is no longer possible and a completely new protocol is required. Depending on which interfaces the respective PC provides, SSDs with SATA 6G, its further development SATA Express (SATAe), M.2 or PCI Express (PCIe) can be used. More information on these interfaces can be found here.

In addition to M.2 and 2.5″: New “Ruler” SSD format

Intel recently introduced a new form factor for SSDs, previously known as “Ruler”. As the name suggests, this is a long, flat bar. Thanks to the dimensions of 325.35 x 36.8 x 9.5 mm, up to 32 Ruler SSDs fit into a server with a height of 1U. With a planned capacity of 32 TB per SSD (currently still 16 TB), such a rack server would achieve a storage capacity of 1 PB (petabyte). The first SSDs in the new “Ruler” format should be on the market by the end of the year, and there may also be modules with double the height.

Memory prices remain high: alternatives to DRAM sought

It is now widely known that storage prices have risen considerably in recent months. Unfortunately, there is still no end in sight – this is expected to continue in 2018 – as the most important manufacturers are devoting more and more of their production capacity to server and smartphone memory. Solutions to the problematic memory shortage would be, for example, a more efficient architecture or adapting the firmware and software to improve and intensify the use of the available memory. More thoughts on the subject can be found here:


A power failure is always bad for PCs and server systems. Even short failures in the millisecond range are enough to switch off electronic devices abruptly. As a result, ongoing processes are simply aborted and unsaved data is lost. To protect against this, a so-called UPS (abbreviation for uninterruptible power supply) is often used. These emergency power generators can supply devices with battery power in the event of a power failure. However, they are usually quite expensive, large and unwieldy.

Built-in battery instead of UPS

An alternative to the UPS are PCs with a built-in battery, such as those in the spo-comm MOVE and RUGGED series. With this optional addition, your Mini PC is supplied with power for up to 10 minutes in the event of a power failure. So there is enough time to bridge the outage or to back up running applications and close them cleanly. To make things even easier, you can configure the BIOS to automatically complete all save operations and then shut down the industrial PC properly.

This is also interesting for use in vehicles for which the MOVE series was originally designed. If the vehicle PC is equipped with a battery, a sudden switch-off or stalling of the engine has no negative consequences for the ongoing computing processes.


Almost ready: PCI Express 4.0

The next PCIe generation is nearing completion: the PCI-SIG (Peripheral Component Interconnect Special Interest Group) standardization committee has now presented version 0.9 of the new 4.0 standard, which is intended to double the data rate compared to the current PCIe 3.0. However, it may be 2019 before PCIe 4.0 is actually installed in systems. Nevertheless, the PCI-SIG has already held out the prospect of the 5.0 standard with a further doubling of bandwidth. We are curious to see when this will be available in our Mini PCs.

Price of graphics cards increases: KUMO IV not affected

Due to the current mining hype surrounding the cryptocurrency Ethereum, powerful mid-range graphics cards such as Geforce GTX 1060 and 1070 as well as Radeon RX 580 and 570 are virtually sold out and, if at all, only available at extremely high prices. Fortunately, our high-end mini PC KUMO IV is not affected by this. The GTX 1060 is already integrated on the mainboard.

Even faster: USB 3.2 announced

A new standard was recently introduced by the USB 3.0 Promoter Group. USB 3.1 will now be followed by USB 3.2, which should double the data rates to 20 Gbit/s. To achieve these transmission rates, all devices and cables must of course comply with the new standard. However, it may be another year before the first devices are equipped with USB 3.2 ports. However, the goal of the new version is already clear: the flexible USB Type-C port is set to become the standard in the PC industry and replace the widely used Type-A interface. Will it be that easy? We will be surprised.

Simple commissioning: quick guides for spo-comm Mini-PCs

Anyone who needs help with commissioning or assembling their Mini-PC, or wants to make BIOS settings such as Wake On LAN or Restore on AC Power Loss, can now get simple help. Quick guides are now available for almost all spo-comm Mini-PCs. These can be downloaded from the respective product page under the “Product Details & Downloads” tab and can also be found on the driver sticks.

SSDs with the so-called “Power Guard” function work with integrated tantalum capacitors that are permanently charged with 12 volts. In the event of a power failure, the SSD can therefore act as a kind of UPS. The power in the SSD is maintained until all storage processes are completed and the data is backed up. In this way, Power Guard can prevent data loss and ensure greater security. This is interesting for critical applications in the industrial environment as well as network and server technology, but also for mobile and vehicle solutions.

Power Guard SSD now available from spo-comm

This UPS technology was developed by storage manufacturer Cervoz, which now offers Power Guard SSDs and mSATAs in various sizes. spo-comm is now offering an optional 128 GB Power Guard SSD for all Mini-PCs in its range. Other sizes are also available on request.


SSD trends at Computex: TLC and M.2

PCIe instead of SATA – this trend was clearly evident at this year’s Computex in Taipei. As manufacturers are not making any progress with SATA SSDs in terms of speed, the future lies with much faster PCIe SSDs such as M.2. It has also been shown that TLC memory with 3 bits per cell is now increasingly being used in cheaper SSDs.

More options for vehicle computing: New accessories for MOVE series

spo-comm is now offering even more accessories for the two current vehicle PCs spo-book MOVE QM87 and spo-book MOVE N3160. New additions to the range include a GPS module for navigation and localization as well as a CAN bus for special vehicle applications.

Turbo clock at 15 watts TDP: Intel i-8000

Another new product presented at Computex is a quad-core processor from the Intel Core i-8000 generation. The special thing about it: With a TDP (Thermal Design Power) of just 15 watts, turbo clock rates of up to 4 GHz are to be achieved. The i7 CPU is set to be released in fall 2017 and will deliver up to 30 percent more speed than the comparable Core i7-7500U processor of the current Kaby Lake generation.

Individual branding: customizing package for Windows 10 IoT Enterprise

To make the most of the advantages of Windows 10 IoT Enterprise, spo-comm will soon be offering a customizing package. This allows the operating system to be customized so that you can appear as the manufacturer of the Mini PC – with your own logo, OEM information such as company name, website and telephone number, customized login screen and much more. The customized image is then securely stored with us and can be installed for future orders.


The Trusted Platform Module (TPM) is a chip that is integrated in many systems and offers more security. It is mainly used in PCs, notebooks and cell phones, but also in consumer electronics. A device with TPM, a customized operating system and suitable software is referred to as a Trusted Computing Platform (abbreviated to TC platform).

What advantages does TPM offer?

The advantages of the TPM lie in the security and encryption as well as the identification of devices. Each chip contains a unique cryptographic key that can be used to identify the computer, provided the owner allows it to be read.

Cryptographic keys can also be stored in the TPM and used to encrypt data that is kept outside the TPM. The keys are generated, used and securely stored within the TPM so that they are protected against software attacks. Other advantages include better license and data protection. The owner of the system can sign data to prove authorship. The TPM can also be used to detect changes made to the system, e.g. by malware or users.

Which keys can be found in the TPM?

The endorsement key (EK) is an RSA key pair (the abbreviation RSA stands for the three mathematicians Rivest, Shamir and Adleman, who developed this cryptographic procedure) and is uniquely assigned to each TPM. The key length is 2048 bits. The RSA key pair consists of a private key for decrypting or signing data, which must never leave the TPM, and a public key for encryption and signature verification. The key can be generated outside the TPM and can also be deleted and regenerated.

The Storage Root Key (SRK) is created when an admin or user takes over the system, i.e. when the owner of the computer changes. The SRK is also an RSA key with a length of 2048 bits. As the name suggests, it is the root of the TPM key tree, as it encrypts other keys used.

The Attestation Identity Keys (AIKs) are also RSA keys with a length of 2048 bits. They are created using the endorsement key and protect the user’s privacy. The AIKs are effectively a pseudonym for the EK so that it can remain anonymous.

How can TPM be used?

The decisive factor for the use of TPM is, of course, a TPM chip integrated into the hardware. This is sometimes located on the mainboard by default, but the module can often be installed as an option if a TPM header is available. However, the right software is also required to use TPM. A secure operating system, such as Windows 10 IoT Enterprise, is recommended so that the software cannot be manipulated so easily.


Which spo-comm Mini-PCs offer TPM?

A TPM chip is integrated in the spo-comm systems spo-book WINDBOX III Advanced, spo-book NOVA CUBE Q87 and spo-book BOX N2930 (TPM 1.2 in each case). The successor to the spo-book WINDBOX III Advanced will be released in the third quarter of 2017 and will include the new TPM 2.0 standard published in 2014. TPM can also be optionally installed in the spo-book TURO Q87, spo-book EXPANDED Q170 and spo-book NINETEEN Q170 systems.