Technology: Windows XP Sunsets While SSD Prices Drop (and a brief word about HeartBleed)

by Steve Cunningham

As part of an early spring cleaning effort, I’ve been updating and upgrading some of my older computers, particularly those that have been running Windows XP. Microsoft’s support and bug fixes for XP have just come to an end, so it seemed time to see if I can get a bit more life from some of these potential antiques while they still function.

NON-ADMIN XP

The first issue was deciding what to do about XP. Sorry, but while I do like Windows 7, I am most comfortable and productive using XP. But there won’t be any more patches, so won’t it be dangerous to use? It turns out that this will not necessarily be so. According to a report from BeyondTrust in a recent ZDNet article, 90% of critical Windows Internet Explorer vulnerabilities can be eliminated by simply running as a non-admin user. The same should apply to Win XP, given the similarities in the code base of the two versions. This may also promise additional life for Windows XP, since the same report showed that 100% of vulnerabilities in IE8 were eliminated under a non-admin user. There are plenty of articles explaining how to set up a non-admin user, all available via Google. I’m going there, no question about it. Just remove the admin, and it’s almost safe again.

In the meantime, while I wasn’t looking, the price of large Solid State Drives (SSDs) has plummeted, and it seemed a good time to pick up a few and give some of the older models a bit of additional life. The first issue is deciding where to use them -- just as the system drive, or are they also suitable as audio recording devices?

BENEFITS OF SSDs

Voice actors who work alone, often self-directed, will reap the benefits of SSDs immediately. Gone is the noise from spinning mechanical platters, often a problem if your computer is in your booth with you. Keep in mind that a computer’s internal fan noise may obliterate that advantage in your laptop, for example, but it may still be worth a look. Another benefit is the significant reduction in boot-up time, which will seem nearly instantaneous compared to an internal hard drive. And those who take a mobile laptop recording rig with them on business trips should be very excited when not worrying about damaging an internal hard drive.

MLC versus SLC

Then there’s the issue of cost per megabyte, which is largely a function of whether one employs MLC memory or SLC memory. It’s a difference you need to know about when thinking of buying solid-state disks based on flash memory technology, which is now affordable enough to merit serious consideration.

Of course there are trade-offs, depending on which of the two types of flash SSD you select. Multi-level cell (MLC) flash is most common and is often found in consumer products such as cameras, phones, USB memory sticks and portable music players, but is also present in some enterprise storage products.

The main characteristic of MLC flash is its low price, but it suffers from higher wear rates and lower write performance compared with single-level cell (SLC) technology. SLC is faster and much more reliable, but also more expensive, and is used in the best-performing storage arrays. All flash memory suffers from wear, which occurs because the voltage applied when erasing or programming a cell stresses it. Each time this happens, a charge is trapped in the transistor’s gate dielectric and causes a permanent shift in the cell’s characteristics, which, after a number of cycles, manifests as a failed cell.

SLC uses a single cell to store one bit of data. MLC memory is more complex and can interpret four digital states from a signal stored in a single cell. This makes it denser for a given area and so cheaper to produce, but it wears out faster. So, an MLC cell is typically rated at 10,000 erase/write cycles, while an SLC cell might last 10 times that before failing. However, manufacturers of products consisting of MLC cells can and do have mitigating technologies and techniques at their disposal. The controller card matters a great deal in this regard, as do other features that serve to distribute the “wear”. Needless to say, most of the current “deals” on SSDs utilize the MLC flavor of memory, but prices are indeed coming down.

SSD GOT CHEAP

A recent survey online indicates pricing for a 2.5” 500GB Samsung as low as $274 with a SATA III interface and an external enclosure for the replaced drive. That’s just slightly higher than an equivalent mechanical HD cost just a few years ago. Of course at these prices we’re talking MLC memory, but for VO recording and editing that should be quite sufficient. It’s only when one gets into multitrack projects that SSDs require a bit more care in the evaluation process.

Again, from the internet, a 480GB internal from Crucial was just a bit under $240 (without the external case). By the way, in my humble opinion the only reason to use a second internal SSD drive in a laptop is to further reduce the noise impact from spinning mechanical drives. Frankly the transfer rates are completely over the top high, and unless you’re doing multitrack recording and editing on a laptop with SSD(s) you will never need to move data on or off a drive that quickly. Just put the OS and the software applications on the internal SSD, and leave the second (audio) drive as a spinner. The noise from the second drive is very low; again, unless you are working with the laptop in your booth, it’s likely not necessary. YMMV. One other caveat: you’ll likely have to pick up a small program to be able to enable the TRIM command on a Mac running less than OS 10.9. The TRIM function greatly speeds writing, and serves to spread the aforementioned wear all over the SSD. PCs don’t seem to be troubled by the TRIM command, but Macs are a bit fussy over whether they’ll allow TRIM to be enabled for the bootable SSD.

PHASE ONE OF SPRING COMPUTER REFURB

Given that budget is something of an issue, I’ve decided that phase one of the spring computer rehab will involve taking an IBM ThinkPad running Windows XP, replacing the internal 200GB spin-drive with a 240GB SSD from Crucial (it’s just a feeling -- I like those guys). I’ll install a new battery and put Win 7 Professional on the internal SSD and see how it all goes. If there’s extra money later I’d like to replace the optical drive with another small SSD, but finances dictate that will have to wait a bit. I’d like to see how quiet I can get that entire box with the SSD, as the fans almost never kick into action. The whole machine will be dedicated to Sound Forge and Reaper, respectively, and we’ll see how it all goes, and I’ll let you know whether I’ve salvaged a good laptop or completely wasted my time.

NOW, A FEW COMMENTS REGARDING HEARTBLEED

As most of you have already heard, the Interwebz took a significant hit during the week of April 7, 2014, with the appearance of the so-called HeartBleed bug. The problem brought on by this bug was, and in some cases still is today, that one of the industry standards for file encryption, OpenSSL, had a problem that prevented it from doing its job, which is to encrypt people’s sensitive personal and financial data on the Interwebz and deliver that data in a secure manner between the server and the user.

WHAT IS HEARTBLEED?

This bug has actually been around for nearly two years. And in that time, it may well have “leaked” thousands of secret encryption “keys”, along with the encrypted messages and data that were being transferred from computers to servers and back. The world thought that OpenSSL was safe and secure during that entire period until engineers from Codenomicon, a Finnish security firm, discovered the bug during testing of their own software tools. According to one of the engineers, he and another were testing some new features for Codenomicon’s protocol test suite with a feature called Heartbeat, which sends data between servers to see if it comes back unaltered. After noticing some irregularities in the results, the engineers then probed further with tests that would ultimately reveal the Heartbleed bug.
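
The Heartbeat echo described above, as an added example in C that is not OpenSSL's code and not from the original article: the flaw was that the reply was built from the payload length the sender declared rather than from the bytes that actually arrived, so the fix is a bounds check before the copy. The function name and the two sample records are hypothetical; the message layout follows RFC 6520.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Heartbeat message layout (RFC 6520):
 *   type (1) | payload_length (2, big-endian) | payload | padding (>= 16) */
#define HB_REQUEST  1u
#define HB_RESPONSE 2u
#define HB_HEADER   3u   /* type + payload_length */
#define HB_MIN_PAD  16u

/* Constructed sample records, not captured traffic. Unlisted bytes are zero. */
static const uint8_t HB_HONEST[23]   = {1, 0x00, 0x04, 'p', 'i', 'n', 'g'};
/* Declares a 16384-byte payload but carries only 4 bytes of it. */
static const uint8_t HB_MISMATCH[23] = {1, 0x40, 0x00, 'p', 'i', 'n', 'g'};

/* Hypothetical helper: build the echo reply for one received record.
 * rec/rec_len is what actually arrived. Returns the reply length,
 * or 0 when the record must be silently discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    /* Too short to hold even an empty payload plus minimum padding. */
    if (rec_len < HB_HEADER + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;

    /* Length claimed by the sender; never trusted on its own. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The bounds check: the claimed payload must fit in the bytes received.
     * Without it, the memcpy below would read past the end of rec and
     * echo whatever memory happens to follow it. */
    if (HB_HEADER + claimed + HB_MIN_PAD > rec_len)
        return 0;

    size_t reply_len = HB_HEADER + claimed + HB_MIN_PAD;
    if (reply_len > out_cap)
        return 0;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD); /* real stacks use random padding */
    return reply_len;
}

int main(void)
{
    uint8_t out[64];
    printf("honest:   %zu\n", hb_build_response(HB_HONEST, sizeof HB_HONEST, out, sizeof out));
    printf("mismatch: %zu\n", hb_build_response(HB_MISMATCH, sizeof HB_MISMATCH, out, sizeof out));
    return 0;
}
```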

HOW BAD IS IT?

HeartBleed was rightly considered by the industry to be a serious matter, since OpenSSL is considered to be THE industry standard for secure communications, against which all other methods are tested and compared. It is important to note that the problem is not with the TLS/SSL protocols; rather it is with OpenSSL’s implementation of those encryption methods. Reports indicate a German researcher experimenting with the OpenSSL project accidentally introduced the bug into OpenSSL, but it was so buried in the code that it is considered unlikely that hackers made much use of it until it was discovered and publicly announced. In the near term it will be little more than an inconvenience to the average user. Over the longer haul we may find that we are dealing with HeartBleed for some time to come as we discover more products that contain the buggy code. Recent reports indicate that a subset of Android operating systems utilize the flawed version, and Android users need to check that their devices are not using version 4.1.x, released in 2012.

WHAT DO I NEED TO DO?

The prevailing advice for end-users, as reported by the usual media suspects, is still valid today -- change your danged passwords, please, and be prepared to do it again later as more systems are patched! And when you do, create a complex one that will not be guessed easily. Further, do not use the same passwords on multiple websites. It is that simple, and now that the world knows of HeartBleed, it is more important than ever that we learn to create stronger passwords, whether by using passphrases or password lockers or some other means.

It is also the case that scam artists will by now have deployed spam letters and web ads promising to save you from HEARTBLEED with “magic” software. Suffice it to say that no legitimate commercial service will “clean up” your computer for you, so do not be fooled. Whatever you do, do not respond to any offer to save you from HEARTBLEED, particularly if it asks for personal information.

WHAT ABOUT MY SERVERS, ROUTERS, AND VPNs?

For those of us who run servers and maintain wireless networks as part of our living, further action may be needed. You see, we didn’t get the full story during the first days from those usual suspects in the media. For us, the solution goes somewhat deeper than just website passwords. It turns out that OpenSSL appears as part of the operating system for routers by Linksys, Cisco, Juniper, and others, including those running the open-source Tomato operating system (you know who you are). Notably, Apple routers appear to be immune, since Apple has written their own TLS software for their Airport series of routers. Same with Cisco, although the latter has been less than forthcoming regarding whether or not the OpenSSL code is part of their consumer-grade routers. Still, it’s worth a look.

Finally, check to see if there are any recent firmware updates for your routers, particularly if they are a few years old. Yes, there are simple patches for servers that require but a few minutes to install, and a reboot. There will also be software upgrades that will alter the code in your router used to implement a VPN connection. And finally, check to see if your routers support OpenVPN, since that flavor of Virtual Private Networking software actually uses the OpenSSL libraries to implement encryption, so these should get firmware upgrades as well.

Above all, don’t panic. HeartBleed is not a Good Thing, but neither is it the End of the World As We Know It. Patches have been generated quickly, and that has served to limit the damage for now. We’ll just have to wait to see the long term effect. 
