Wednesday, May 16, 2018

A little Talos of your very own

I haven't had as much time to work on getting QEMU and Firefox functional/useable on the Talos II over the last few days because of work complications (I'll be reporting on that in a few weeks), but Raptor has heard those of you who are still suffering sticker PTSD from the Talos II and announced the Talos II Lite.

Yes, think of it as the Mac mini G4 to the Talos II's Quad G5. This comparison is not completely inappropriate because the T2L has only one CPU socket (the T2 has two) and thus only 24 PCIe lanes, split amongst an x16 and an x8 (the T2 fully loaded has two x8s and three x16s), and "only" 8 DDR4 slots (the T2 has 16). You can still cram one of the 22-core demons into one of those, though. Starting price is "just" $1399.99, though as with the Talos II the CPU is extra ($375 for 4-core to $2575 for 22-core), the RAM is extra ($255 for 16GB to $2950 for 128GB), and the storage is extra (Microsemi SAS starts at $300 plus drives, or a Samsung 960 EVO NVMe 500GB for $350, or a four-port SATA controller for $50 plus drives). You can also add the same Radeon WX 7100 workstation card that's in the big T2 ($800), too, or just use the same onboard VGA controller that comes with the T2 (built-in). It has USB 3.0 and dual Gig Ethernet, just like the big fella, though it doesn't seem to come with a BD-ROM.

However, the mini:Quad analogy falls down when you look at the actual size of the Lite. It, too, is an EATX behemoth, despite the leaner spec. Personally I would have hoped for something a little more manageably dimensioned. Raptor is taking about offering a smaller board but that would require a redesign and this was probably an artifact of getting it launched cheap(er)ly.

So would I have saved money with my T2 going Lite? Let's price it out: $1400 for the system (includes 500W PSU and EATX case), $595 for the octocore POWER9 (my T2 has two 4-core chips), $535 for 32GB ECC DDR4 RAM, $350 for the SAS card, $800 for the AMD Radeon WX 7100, $50 for the 4-port SATA card (this came installed "free" in my T2) and $350 for the 500GB Samsung NVMe SSD. Sticker price for that configuration is $4080 plus applicable tax and shipping; I repriced the same configuration for the Talos II and got a sticker cost of $7360, about $250 more than what I paid personally (the benefit of being an early adopter), so let's say a cost difference of $3300. That's substantial and a whole lot more palatable. $4080 is actually within Quad G5 range -- I paid not much less than that for my Quad G5 back in the day with the 7800GT and 8GB of RAM. A cheap SATA DVD-RW or something wouldn't add much more to the price if you want an optical drive.

There's a small problem here though: the Lite can't actually accommodate that loadout because there's not enough PCIe slots to get it all in there. In fact, I've got another 1GB NVMe drive to install in my T2, and I'm probably going to pull the now unused Sonnet FireWire/USB PCIe card (I prefer FireWire hubs) from the G5 to install in it too, which may mean temporarily pulling the SAS card until I'm ready to populate the front bays. Also, the Talos II out of the box doesn't support PCIe bifurcation, so I really do need both those slots for my SSDs. Per Raptor it can: with changes to the machine XML definition it could be made to "trifurcate" the x16 endpoint on slot 3 (CPU 2, PHB2) into an x8 and two x4, but that would mean that the available 4-way M.2 NVMe multicards would only have at most three slots available, and the system doesn't ship that way anyhow. Besides, even if you did get bifurcation working on the Lite, you'd only have the remaining x8 for anything else which couldn't be used for an x16 workstation video card.

But let's say you're not a maniac like me and you want a basic "budget" config. Let's drop the workstation card and the SAS card, and drop to a 4-core with 16GB, and we have a $2430 system. Wow! Not bad! You've still got the NVMe card and storage expansion over SATA, and you've still got USB ports for audio and the onboard VGA. But you've used up all your PCIe slots, so let's hope you don't need anything else to go internal (let alone 3D acceleration). If you really want that x16 slot back, drop the NVMe card and add some SATA drives ($2080 + devices), but now you're starting to strip this system down more than you might like to, and it doesn't get much cheaper that way.

Overall, that $3300 really does translate into greatly improved expandability in addition to the beefier power supplies, and thus it was never really an option for my needs personally. Maybe my mini:Quad analogy wasn't so off base. But if you want to join the POWER9 revolution on a budget and give Chipzilla the finger, as all right-thinking nerds should, you've now got an option that only requires passing a kidneystone of just half the size or less. It ships starting in July.

Another interesting thing Raptor pointed out: in the Phoronix performance tests, the Talos was running with full Spectre and Meltdown protections, but the x86 wasn't! Boooo! And if you really want to turn Spectre protections off on the Talos for even more grunty, you can do that. Meanwhile, as we speak, Intel is making people take down their firmware documentation and trying to stymie efforts to reverse engineer them. What system would you rather support?

11 comments:

  1. "But if you want to join the POWER9 revolution on a budget and give Chipzilla the finger, as all right-thinking nerds should..."

    There's a cheaper way to do that you know, just get AMD. It's even bigger finger because while IBM is not a threat to Intel that much, given how they have their own spheres of business that hardly overlap, AMD is actually a thorn in Intel's side. And much more of a small underdog :)

    "Another interesting thing Raptor pointed out: in the Phoronix performance tests, the Talos was running with full Spectre and Meltdown protections, but the x86 wasn't!"

    I've read the comments and he kind of alleged it, but I'm not so sure that was true. If the tests ran up to date Linux (Phoronix says they used 4.16 kernel), they would have spectre and meltdown patched too.

    He also said something in the comment that most people might have interpreted as stating Power9 not being vulnerable to Spectre at all, which would be 100% lie. I don't know that he did that on purpose, might have been unintentional, but... you get the idea how that looks.

    Basically, he is still a sales person for a company, so what he says has to be taken with grain of salt.

    ReplyDelete
  2. Not sure how you expect to actually change the freedom issues by selecting AMD--they literally can't release PSP or other low level firmware source (or even documentation, in some cases!) because they don't even own the IP, and the binaries are signed and non-replaceable (hardware verified).

    Also, IBM has indicated POWER9 is not vulnerable to any variants of Meltdown or Spectre. Do you have information to the contrary?

    Beat in mind Intel's firmware patches to actually stop Spectre v2 only came out very recently. POWER9 was protected at ship.

    ReplyDelete
  3. Timothy Pearson:
    "Firmware patches for POWER7, POWER7+, POWER8 and POWER9 platforms are now available via FixCentral." (dunno if this was at shipping time, because IBM is rather opaque about when it started shipping - wasn't it last year?)
    https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/

    After all, pretty much any complex CPU core suffers from Spectre... so microcode update aside, an out-of-order CPU that was designed and taped out before H1 2017 simply has to be vulnerable on silicon level.

    As for freedom issues, I don't personally care about that sort of stuff*, and caring about those things is not really implied in the part that I quoted and reacted to. Competition on the market, that I see as important though, for the broad IT space but also for advancement of CPU technology. IBM sadly doesn't reach outside of the big iron CPU space much, so their impact on CPU space is also lesser (no notebooks, affordable, SFF stuff).

    * or better said - I don't consider them serious enough to be worth spending money and time on. The alleged risks of having a CPU with closed controller unit are low enough in my view that it is not worth it to address them and resources are better spent elsewhere, because I don't have infinite time any money. Much like there is a chance that my house will be struck by a stray asteroid. The possibility is there, but I am not going to turn it into a reinforced vault due to that.

    Also running on AMD actually does provide a degree of protection, being on a platform with 10% or sub10% marketshare means you are not a primary target and the efforts to compromise hardware/firmware are primarily focused on the majority vendor and only secondarily on your hardware.

    ReplyDelete
  4. Actually, it gets better.
    While Meltdown is usually considered to be Intel-only problem (but what is lesser known, Cortex-A75 and Apple ARM cores have too!), it turns out that IBM Power actually also has this bug in addition to Spectre v1 and v2. And I don't have to remind everyone that AMD cores have never been vulnerable to Meltdown a.k.a. Rogue Data Cache Load/CVE-2017-5754
    See:
    https://www.ibm.com/support/knowledgecenter/en/POWER9/p9hby/p9hby_speculative_execution_control.htm
    http://www-01.ibm.com/support/docview.wss?uid=isg3T1026811

    BTW your own wiki says "POWER7, POWER8, and POWER9 are patched from CVE-2017-5754 by purging the L1 cache when context switching to a less privileged process, as the vulnerability on these architectures affects L1 but not L2 cache.[10] Firmware updates are also required to enable workarounds at the hardware level."
    https://wiki.raptorcs.com/wiki/Speculative_Execution_Vulnerabilities_of_2018

    ReplyDelete
  5. Thank for your feedback!

    So any CPU configured wrong is going to be vulnerable to Meltdown, Spectre, and a host of other side channel attacks. POWER9 never shipped with the vulnerability enabled; the only devices affected were basically preproduction (stepping DD2.1 and below) devices. The production DD2.2 devices shipped alongside firmware that configured them to be immune to Spectre and Meltdown. Whether you want to call that a mitigation or not is a matter of semantics; immunity to Spectre at a hardware level is something that requires features be removed, so would suspect there will likely be a flag to re-enable those features even on CPUs that are "patched in hardware" later on.

    Basically, if your CPU has a branch predictor, it's going to be vulnerable in one form or another to Spectre and its variants. Completely shutting down Spectre basically means disabling or heavily neutering branch prediction, which is a heavy performance hit regardless of architecture or whether the change to do this is in firmware or hardware.

    It sounds like owner control isn't really something that is important to you, so you have a wide selection of cheap or near-free hardware to choose from. There are other folks though that do care about the owner control and security aspects of computing, and that is where Talos II and POWER9 sit.

    ReplyDelete
  6. Only Spectre v2 (Branch Target Injection) is exploiting branch prediction. v1 Spectre is about bounds checking and and Meltdown is primarily about not respecting priliged/unprivileged code boundaries.

    The brach predictor version of Spectre actually doesn't require disabling the predictor on x86, it just restricts it using newly introduced functions, when in a risky situation (like system call). And there are other mitigations like retpoline, purely software. While there are some tasks like compilation on Intel that suffer a lot (probably also due to Meltdown added), it isn't that big of an impact mostly, single-digit percent, often very low. Apparently on Epyc/Ryzen it is even smaller (AMD partners still have to release the new firmwares for older boards though). So running with these mitigations is not that bad usually.

    I didn't see benchmarks for Power9 with/without them, maybe something Phoronix could test? I'd say the impact will also be quite mild, though with compilation and heavy I/O, one never knows.

    ReplyDelete
  7. @Timothy Pearson
    I forgot to say that I am not really against Power9 or Talos II. I actually like the idea and am glad it made it into production. But my reason for liking it was because of the CPU/architecture diversity it brings.
    Prices is too high for most people of course, but that also goes for the recent attempt of Qualcomm to go into notebooks. I'd also like to see that succeed and take roots, especially since they seem to finally make Microsoft to make a full ARM Windows with ability to run self-compiled/out-of-store native code. While I like and have respect for x86 CPUs and don't want them to go away at all, having more platforms would be nice, even if they are minority.

    ReplyDelete
  8. @Jan Yes, it's the Spectre v2 protection that's the heaviest hit by far. Dialling that back to only protecting sensitive context switches (kernel calls) greatly increases POWER9 performance, and we're working with Phoronix to see if we can get benchmarks posted that show the difference. This particular protection disproportionately impacts interpreted code, such as PHP and Python.

    The x264 results are an artifact of a complete lack of optimization of the encoding engine for POWER9's vector units. We hope over time as more POWER9 systems make their way into the wild that the encoding engines will start to be optimized, and start posting numbers that are closer to their true capability on POWER9.

    Agreed that diversity is very important. Without it, we'd all be stuck with x86 under whatever terms Intel and AMD decide to allow access. At least with OpenPOWER you can license the cores and build your own processors (if you have the resources to build a top-tier processor, not many do).

    For what it's worth, I'm far more concerned about giving accurate information than promoting a particular brand. Meltdown and Spectre v1 protections didn't cost anything (basically rounding error) on the final chips; it's the Spectre v2 user mode protection that's really made a mess across all architectures as far as I can see.

    ReplyDelete
  9. I fear the multimedia encoding probably doesn't have much chance for substantially improving. I know a bit about those codebases, there is an INSANE amount of hand-written assembly for MMX/SSE2-4/AVX2. More or less you can't really do a good encoder without hand assembly, and in case of x264, some of that has been extensively rewritten after initial implementations to get better performance, so not just written once and forgotten.

    IBM has tried to actually "address" this once, they sent a bugreport* to x264 that "it doesn't have expected performance" (...). They tried to get assembly for x265 by offering some small bounty once**, but it was a very limited effort and I think they grossly underestimated the extent such sponsorship would have to have to do anything.
    The problem is that getting Power to equal standing would require 1) very good assembly SIMD coders and to start, there's likely lack of those, even for x86 they are scarce. 2) paying them to do a lot of work, because the amount of SIMD functions is really high. Which means big investment because the open source media programmers (mostly found around ffmpeg, av1 and similar projects) won't do this for free. They are hobby-working on ARM sometimes, but that still doesn't have full ASM coverage despite being rather popular in the community.

    And worse, even after you got somebody to write (and tune) x264, then you have x265, libpx for VP9 or soon AV1 (libaom or another encoder if libaom wont be the go to solution). And perhaps decoders in FFmpeg too.
    (Note: x264/ffmpeg does have some old altivec from last decade, but it's going to be big endian which is a problem now that LE is preferred...)

    Sadly, multimedia is almost a horror worst-case scenario for alternative CPU ISAs due to this reliance on assembly SIMD. For this reason MIPS is also unusable for multimedia, same for SPARC (if it was used much outside Oracle servers) and RISC-V will also suffer from this. Even ARM isn't really suitable for encoding due to this, even if it has the best state of assembly optimizations after x86 (ffmpeg decoders should be well optimised at least, for mainstream formats). I think people/companies generally abandon attempts to change this once they get a grasp on how many manhours of expert work it needs.

    *
    https://mailman.videolan.org/pipermail/x264-devel/2016-January/011555.html

    **
    https://bitbucket.org/multicoreware/x265/issues/138/bounty-1-use-altivec-to-optimize-the-file
    https://bitbucket.org/multicoreware/x265/issues/139/bounty-2-use-altivec-to-optimize-the-file
    https://bitbucket.org/multicoreware/x265/issues/140/bounty-3-use-altivec-to-optimize-the-file
    I think somebody tried to take the bounty but didn't have needed skills/wasn't very open to learn it properly and the code was worthless.

    ReplyDelete
  10. This comment has been removed by the author.

    ReplyDelete
  11. The Talos II and POWER9 are the _only_ solution that presently exists when a user wants both processing power and privacy in their ultimate forms. There are no better alternatives.

    Lesser alternatives _do_ exist, though, such as pre-2011 AMD processors (which lack PSP's spying module that is also insecure), which would be the second-best offer when coupled with the ASUS KGPE-D16 motherboard with Libreboot installed. (I believe the people at Raptor are the ones that made this possible in the first place. They are awesome _beyond_ Talos II and POWER9.)

    Reports of "freed" ARM-based SoCs fly around, but that still doesn't include the GPUs. And even then they are lesser than the second-best alternative described above.

    Even if AMD wasn't spying on people and keeping insecure backdoors with PSP in their modern processors, it's still stupid to invest on them as opposed to POWER9 in terms of picking the pointiest thorn against Intel: the fact they share the base x86 ISA makes AMD _less_ pointy, not the contrary, because that encourages and facilitates Intel migration at any given point in time! Vice-versa is also true, but the point is the fact that the vendor "diversity" between the two strengthens them, not weakens them! This is OBVIOUS! And is also why POWER ISA processor licensing facilitations are being encouraged, and why ARM was even as successful.

    (Message reposted with key typo corrections.)

    ReplyDelete

Due to an increased frequency of spam, comments are now subject to moderation.