By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Homegrown chips remain behind for now, but for how much longer? China is set to get its hands on homegrown processors next year that purportedly rival the performance of AMD and Intel chips released over the past two years

Chinese semiconductor company Loongson recently announced that its next-generation Godson CPU, the 3A6000, will sample with customers in the first half of 2023, according to a Chinese-language news report. That means a launch could follow later in the year.

Previous reports have indicated that Loongson's 3A6000 processor will allegedly provide performance that is on par with AMD's Ryzen 5000 CPUs and Intel's 11th-Gen Core CPUs, which both debuted in 2020.
This expectation is based on simulation test results provided by Loongson showing that the 3A6000 will improve single-core fixed-point performance by 37 percent and single-core floating-point performance by 68 percent over the previous-generation 3A5000, based on the SPEC CPU 2006 benchmark. As always, claims made by vendors should be taken with a grain of salt, and one benchmark is not indicative of how a processor will perform across a wide range of applications.
If the 3A6000's performance comes anywhere close to what Loongson claims, it means China is still quite behind when compared to the latest x86 processors from Intel and AMD, which released their latest Ryzen 7000 processors and 13th-Gen Core processors, respectively, this fall.
However, the performance claims also show how China has progressed with processor technology that is based on the homegrown, MIPS-compatible LoongArch instruction set architecture. The company has previously claimed that its chips feature circuitry that helps with the emulation and binary translation of non-Loongson instruction sets such as x86 and Arm, as we have previously reported.

Sometime soon, Twitter will crash badly. Here's why. Elon Musk has taken over Twitter, and it appears he's already failing on his promise not to turn Twitter into a 'free-for-all hellscape.' But, I'm not here to talk about his policy blunders. That's a story for another day. No, I'm here to predict that Twitter, the site, will soon crash. And, once it fails, it won't be coming up for a while. Why? Simple. You can't lay off half of the staff of a cloud-based social network and expect things to keep running smoothly for Twitter's 450 million monthly active users. Indeed, Twitter accounts are already failing in odd ways. For example, Benjamin Dreyer, author of "Dreyer's English" and copy chief of Random House, found that the vast majority of replies to one of his tweets were vanishing into the aether. He wasn't the only one. Even Musk appears to have realized that maybe firing every other person was a mistake. On Monday, November 7th, he tried to get workers, especially software engineers, to return. Good luck with that. According to my Twitter sources and tweets on the site, they're not coming back. As Gergely Orosz, editor and author of the popular software engineering and management blog, The Pragmatic Engineer, said, "Several people who were let go on Friday, then asked to come back were given less than an hour as a deadline. Software engineers who got this call ... all said 'no' and the only ones who could eventually say 'yes' are on visas." Managers, according to my sources and Orosz, are "getting desperate, trying to call back more people. People are saying 'no' + more sr engineers are quitting." Orosz added, "None of this is surprising. As a rule of thumb, you get an additional half attrition after you lay off X% of people. Lay off 10%: expect another 5% to quit. Lay off 50%... not unreasonable to expect another 25% to quit." And, you can't expect to replace social network and cloud experts with Tesla embedded system engineers and get anything done. I'm a good technology and business writer, but no one in their right mind would hire me to write opera arias. Let's look at Twitter's technology, shall we? Twitter runs on CentOS 7. This free Red Hat Enterprise Linux (RHEL) clone comes to the end of its life at the end of June 2024. The leading choices for what to replace it with should be RHEL 9, Rocky Linux, or AlmaLinux. But instead of working on that transition, what few system administrators Twitter has left are both trying to get the platform ready for Musk's laundry list of new features and keeping it patched and up-to-date. That's a problem. You see, unlike RHEL, where a big part of the attraction is that you can depend on Red Hat for first-rate support, CentOS, Rocky, and AlmaLinux are all primarily meant for companies with in-house staff who already know Linux servers backward and forward. That's no longer the case at Twitter. For more visit OUR FORUM.

Containers are meant to be immutable. Once the image is made, it is what it is, and all container instances spawned from it will be identical. The container is defined as code, so its contents, intents, and dependencies are explicit. Because of this, if used carefully, containers can help reduce supply chain risks. However, these benefits have not gone unnoticed by attackers. A number of threat actors have started to leverage containers to deploy malicious payloads and even scale up their own operations. For the Sysdig 2022 Cloud-Native Threat Report, the Sysdig Threat Research Team (Sysdig TRT) investigated what is really lurking in publicly available containers. Docker Hub is the most popular free public-facing container registry. It houses millions of pre-made container images in convenient, self-contained packages with all required software installed and configured. Public registries also host official content and images signed by Verified Publishers, which adds some level of trust that they are not malicious and can be used safely. While public registries save developers time, if a user is not careful, there could be malicious aspects to the container they pull. With so many containers to choose from, it is easy to choose the wrong one. Threat actors also appreciate how much friction this technology removes from developer workflows. They count on the fact that many developers may not examine what exactly is being installed. According to the Sysdig threat report, DockerHub is being used by malicious actors to deliver malware, backdoors, and other unwelcome surprises to users and companies. One specific practice to watch out for is typosquatting, which is when an image is disguised as legitimate while hiding something nefarious within its layers. Its name can be just a letter off the real thing, or the attacker might rely on a developer carelessly copying some instructions containing the bad path. Sysdig TRT found images shared by suspicious users with names to appear as popular open-source software in order to trick users. For example, popular packages like Drupal and Joomla have had their names used in order to disguise malicious payloads. Deploying these images means opening the doors of our environment to attackers, letting them pursue their goals or move internally to business-critical assets. The Sysdig TRT analyzed more than 250,000 Linux images over several months. During the research, 1,777 images were found to contain various kinds of malicious IPs or domains and embedded credentials. Upon taking a closer look, we see that cryptomining images are the most common malicious image type. This is quite expected because mining cryptocurrency on someone else’s compute resources is the most prevalent type of attack targeting cloud and container environments today. Embedded secrets in Docker images is the second most prevalent attack technique. In this case, attackers insert secrets in an image and use this information to get a foothold in your environment and then try to move laterally. For example, an SSH key can be added, which could allow for simple remote access or AWS keys could be added to give them cloud capabilities. This highlights the persistent challenges of secrets management is still a battle we need to win. To learn more visit OUR FORUM.

  

Latest Articles