Synchrony Bank Spam Attack

Over the past 24 hours, numerous individuals received e-mails that appeared as a phishing attack. Messages from Synchrony Bank, which contained verbiage about an Amazon Creditbuilder account, were sent in conjunction with an application link. Tweets from recipients, contained within the linked article, show a second-level failure with respect to contacting customer support. Calls dropped, a general lack of response and an overall attitude of not valuing the customer were predominant at Synchrony. A follow-up e-mail sent from the same account is provided below.

The majority of breach-related investigations, such as those at Equifax, T-Mobile, and OnePlus required more than a few hours to perform the necessary forensics to identify the scope of impact. If this was truly a programmatic internal error which did not warrant an in-depth investigation, the fact that it specifically relates to an Amazon financing service raises additional alarms for us. All of our business with Amazon concluded in 2017. The lack of GDPR-style regulations for US consumers prevents written and verbal requests to be forgotten from having any teeth. We truly need better laws to protect and empower the consumer.

Do Vendors Value Their Customers?

The past few days have been spent troubleshooting some anomalies in the software and networking space. Shaun Nichols at The Register has posted a solid summary of Ubiquiti Networks’ arbitrary decision to turn their customers into a hotbed of telemetry data. The following community post from eight days ago clearly demonstrates a lack of planning and customer engagement that never manifested prior to going live with this change. The default of opt-in without an option within the controller to opt-out is the icing on the proverbial cake. What started with a forum redesign, which was maligned by the majority of the customer base, has evolved into continued disrespect for the company’s customers. While they claim that blocking traffic going to trace.svc.ui.com will provide a workaround until the necessary elements are implemented within the controller, the fact that these changes were implemented in a “do first and ask for forgiveness later” manner highlights how little the customer base and associated relationships mean to Ubiquiti.

The extensive troubleshooting performed on our Unifi-powered network had a repeated pattern of failure during the evaluation of the 4.0.66 firmware. Approximately fifty minutes into every hour, there was a complete loss of external connectivity for a two to three minute window. Researching the behavior and available information initially led us down a path of confirming that our ISP had not set the DHCP lease renewal process too aggressively for their devices. Confirmation that this was not the root cause of the behavior was provided yesterday afternoon.

Ultimately, further analysis of logs within the gateway finally bore fruit; the gateway was attempting and failing to perform a speed test on an hourly basis. Within the controller, the automatic execution of a speed test had always been disabled. Newly introduced errata, either in the latest controller or the newest firmware for the access point and switches, attempted to execute a speed test that never concluded. Adjusting the echo server from ping.ubnt.com to ping.ui.com under the Advanced section of the device’s management interface within the controller was paired with an enablement/disablement cycle of the speed test and a force provision to ensure it properly terminated.

Companies benefit from the repeat business from satisfied customers. Failing the basics of Communication 101 is not a good look.

Update (11/12/2019): The fine folks at Ubiquiti have published firmware 4.0.69.10871 which undoes the telemetry implementation for the time being. While the initial approach riled some feathers, the provided update is a good start with respect to restoring trust with customers. It’s commendable that they reversed course and listened to the concerns raised within the community.

Navi Support for macOS 10.15.1

With the official release of 10.15.1, Apple has finally enabled support for the current generation of Radeon GPUs using an external Thunderbolt 3 enclosure. With the reductions in overall power consumption and the ability to obtain better-than-Vega64 performance, this is an excellent development for extending the lifecycle of applicable platforms. Replacement of a Vega64 with an RX5700 was quick and the restart of the Mac mini immediately presented output to the monitor. Time will tell if the RX 5700-series GPUs will be a direct drop-in for the 2019 Mac Pro. Ideally, it’s going to be a noticeable performance improvement over the baseline “RX 580 Pro”.

QSnatching Your Candy

The nastiest trick one can encounter on Halloween would involve having their NAS infected with malware. Sergiu Gatlan at BleepingComputer has posted some information on a new malware strain that is targeting… wait for it… QNAP NAS devices. While the root cause of exploitation hasn’t been pinned down at the time of this writing, we have our theories related to which default app or service may be used in such efforts. Out of an abundance of caution, we’d recommend heeding the advice provided by NCSC-FI with respect to disconnecting them from the Internet. If you have myQNAPCloud enabled or various NAS services exposed externally, temporary disabling the services and removing less restrictive firewall rules to expose said services should provide sufficient mitigation until the root cause can be identified. Hopefully, those who have been infected have a solid backup strategy in order to restore their data in the event that a full wipe of the NAS is required.

New Procedure is Online – PiHole Containers on QNAP NAS

We’ve completed the testing and validation of our PiHole setup process for QNAP NAS units using Container Station. The initial intent of using the vendor-provided Docker image ran into a number of issues which have been well captured in the QNAP forums. While the possible workarounds will enable it to run, the reliability may be somewhat suspect. Instead, the option to use an Ubuntu 18.04 LXC base with minimal modification felt like a better fit with consistent results. The formal documentation is available under the Reviews and Procedures section of the site. We’ll have much to discuss over the coming days and weeks.

First Hand Experience with Ryzen 3000

Things have been incredibly busy here at Reztek Systems. We’ve constructed a 2019 gaming rig that consumes considerably less power than the outgoing model while bringing the latest and greatest technologies in a mini ITX form factor. Specifics regarding this system and the experience will be documented in the coming weeks. Initial notes and other articles of interest which will come in handy if you’ve got the itch to build around the Ryzen 3000 series and the X570 chipset include:

  • Joel Hruska’s analysis of the power draw differential between prior chipsets (X470 in the benchmarks he’s provided) and the X570 chipset highlights the potential for higher than anticipated operational costs. The benchmarked uptick in consumption can add up quickly depending on where you live and your current rates for service.
  • The AGESA 1.0.0.3 ABB Combo BIOS is available from the majority of motherboard manufacturers now. This firmware, when combined with the latest chipset driver, provides fixes for unexpected errata which manifested at launch.
  • Hardware Unboxed has identified discrepancies between motherboards with respect to enabling Ryzen 3000 to hit advertised boost clocks. They’ve also done some pretty comprehensive testing on VRM temps for the X570 motherboards.
  • The chipset fan, while required, can be alarming due to how loud it is. The motherboard we’re using would quickly ramp the speed up to its peak of 5000 rpm using the 1.00 BIOS. With the fan at 100%, the chipset was reporting back a temperature of 72C which raised cause for concern. Engagement with the manufacturer provided a beta BIOS that was supposed to help. The official 1.20 BIOS was released about five days after we received the beta code. The chipset now hovers in the 65-69C range with more variability on the fan. While this is an improvement, it’s still suboptimal.

Parsing the RX 5700 and RX 5700 XT Review Data

The initial data related to AMD’s official launch of the Radeon RX 5700 and RX 5700 XT appears to be fairly positive from the positioning and subsequent conclusions by the various authors who have released their results. The rather eye opening and informative demonstration of the potential implications of the silicon lottery, which was well done by Gamers Nexus, raised a minor concern related to the data which may await those who are in the market for an upgrade.

Much of the commonality between test beds across sites (Intel Core i9-9900K, DDR4-2666 or greater memory, Z390 chipset) helps rule out the processor as being the bottleneck. The supporting data for in-game settings used by the reviewers is more of a mixed bag that would prevent the identification of potential bad luck in the review sample lottery. One difference in utilized API (DirectX 11, DirectX 12 or Vulkan) or anti-aliasing setting (none or reviewer’s choice) may skew the average frame rate results between sites to a degree beyond the expected margin of error due to a given GPU’s ability to perform in the best light possible.

With the five reviews that we’ve completed going through in depth, there are some results that simply don’t come close. An average FPS difference of ~9 when going from 2x MSAA to 4x MSAA on Forza Horizon 4 at 2560×1440 makes sense. An average FPS difference of ~53 using “very high quality” settings in Grand Theft Auto V at 1920×1080 between the highest and lowest results witnessed thus far indicates that a lack of commonality with regard to which settings are or are not enabled.

Considering the time crunch that all sites were under to get this data published alongside Ryzen 3000-series reviews or to complete benchmarking of the RX 5700 series GPUs along with the RTX Super-series GPUs, it’s impressive to have such a diverse volume of data available for decision making purposes. I tip my hat to each and every one of you that underwent crunch time to provide us with the related information. Consumers do appear to be winning in 2019 based on the renewed offerings that AMD has to go up against Intel and Nvidia in target markets.

Weekend of Excitement – AMD and Nvidia Edition

This upcoming weekend will be kicking off review season for the Ryzen 3000-series processors and Radeon 5700-series GPUs. Nvidia took the early lead in capturing mindshare with the release of its Super-series RTX GPUs. Early benchmark leaks for the Radeon 5700-series offerings, which can be found via capture and discussion at Resetera, demonstrates that AMD’s price cut on these products will better position them to compete against the refreshed Nvidia stack.

The proof will be in the pudding once the embargoes are lifted and a larger pool of data is available from multiple trusted resources. The top of AMD’s GPU stack, the Radeon VII, appears to be stuck between a rock and a hard place. While it comes with a generous allocation of HBM2 for creative and professional workloads, the power consumption, thermals and price are going to be a much harder sell after July 9th in our opinion.

We’re also disappointed in AsRock’s preparation for the impending launch of the Ryzen 3000 series processors. After Gigabyte’s epic failure to produce the Thunderbolt 3 solution for the Designaire X399 Threadripper motherboard, the Computex 2019 offerings captured by Anandtech are nowhere to be found 48 hours before the launch date. The X570 Creator and X570 Phantom Gaming-ITX TB3 are absent from the documented lineup. Our interest in the X570 Creator stemmed from the inclusion of the Aquantia 10Gb NIC onboard as well as two Thunderbolt 3 ports. There’s merit in having a high speed external expansion option when thinking about how the system will be used three or more years down the line.

Google Stadia First Impressions

Google’s event for their Stadia game streaming service has provided additional insight into the cost model and bandwidth requirements. There are plenty of ISPs that implement monthly data caps between 300GB and 2TB of data per account. Some providers offer options to pay extra for unlimited data while others will milk their customer base dry using incremental fees for each overage. Recognizing that 4K gaming at 60 frames per second with surround sound will consume up to 35 Mbps means that data caps may limit utilization of the service.

It will be interesting to see what advantage Google gets as first mover. E3 is rapidly approaching and Microsoft is reportedly announcing their cloud gaming offering which may directly compete with Stadia from the functionality and capability perspective. While Apple may have misfired with their News+ service, the fact that they’re adding support for Xbox One and PlayStation 4 controllers may signal that their upcoming game service will cater to both casual and core gamers.

Thoughts on WWDC and AMD’s Ryzen 3000 Series

Many positive developments occurred during Apple’s Worldwide Developer Conference. The iPadOS fork brings about many overdue features such as Bluetooth mouse support and more. The Mac Pro being released in the fall has certainly set the Internet afire with chatter. There is a level of engineering present in the full stack of what has been revealed that demonstrates what a product can be when a company actually listens to its customers. The primary misfire during WWDC involved the pricing for the optional stand which supports its new 6K resolution monitor. It appears that initial feedback from the crowd was worthy of censorship. While we don’t deal with truly high-end professional monitors here, every monitor that has been purchased over the past 15 years included the stand. The warranted ridicule for making a potentially integral part of the display use experience could have easily been avoided by adjusting the base MSRP of the monitor to include the stand by default. Less waste due to shared packaging and complete usability fresh out of the box should have been obvious from a marketing and product development perspective. At $999 MSRP, we can only hope that the stands are made out of recycled vibranium shavings obtained from conflict-free Wakanda minerals.

AMD’s Computex announcements and subsequent clarifications instill a fair degree in confidence related to the soon-to-be-available Ryzen 3000-series processors. The spread of core counts and performance profiles per processor sound ideal. Pricing is in line with prior iterations from a value proposition perspective. The first-mover advantage to utilize the PCI Express 4.0 standard has resulted in the reintroduction of chipset cooling fans for the majority of consumer focused X570 chipset-based motherboards. The proactive approach by the supporting vendors to mitigate the risk of heavy I/O-induced thermals possibly compromising system stability is a good first step in providing a reliable and flexible platform. AMD’s decision to limit support for PCI Express 4.0 to its newest chipsets is also a wise decision. The potential problems that may have manifested across budget boards are effectively mitigated with this decision. Ryzen 3000-series processors will still be a higher performance drop-in replacement (with applicable BIOS update) for many of the systems out there today. We’re looking forward to benchmarks next month.