Vampire

NSA Hides Spying Backdoors into Hard Drive Firmware !

27 posts in this topic

Endurance does not in fact suck, but I suppose that's a matter of perspective. What's best is probably a new thread with more input on your needs.


The article says "Kaspersky claims that the new backdoor is perfect in design. Each time you turn your PC on, the system BIOS loads the firmware of all hardware components onto the system memory, even before the OS is booted. This is when the malware activates, gaining access to critical OS components, probably including network access and file-system."

I'm pretty sure the system BIOS does NOT load the firmware of all hardware into its own memory space.

Back in the old days we used to have something called "BIOS shadowing" which DID copy the ROM of certain hardware, usually VGA BIOSes, into memory for faster access.

But I've never heard of the hard drive ROM being loaded into system memory during regular use.

Edited by FastMHz


I'd like to see the background material on the claims, specifically showing where the code comes into play, how they are detecting it, maybe a packet sniffer on a clean/silent system showing calling home connectivity from this stuff.


Endurance does not in fact suck, but I suppose that's a matter of perspective. What's best is probably a new thread with more input on your needs.

Except Samsung 850 Pro (40-nm) all of them suck.

Even then 150 TB for 1TB SSD = filling that SSD 150 times !

Compare that to infinite times filling of HDD.

If I write the SSD 1 time each day full I have around 1 year of lifespan. And that only if NAND P/E Cycles are indeed 6,000 which I doubt they are.

http://www.anandtech.com/show/8239/update-on-samsung-850-pro-endurance-vnand-die-size

150TB write limitation on the warranty so you won't be able to write a full drive each day without voiding the warranty ! Now you see the lies.

You write 150 times the 1 TB drive and it will fail hence the warranty limitation.


99% of the people with SSDs don't write that much. And even when endurance is gone it doesn't fail, you just can't write to it any longer.


Back when a 64g SSD cost a grand I was more concerned about this, but now I'm so unconcerned about SSD endurance that I finally replaced my SWAP / TEMP velociraptor with a cheap OCZ ARC100 240gb SSD. I write hundreds of gigs at a time, sometimes a few hundred a day doing mass data processing. When it begins to wear according to SMART, I'll buy another one. Prices have dropped immensely, and will continue to crash. I wouldn't sweat it.


http://www.mkomo.com/cost-per-gigabyte-update

Samsung 850 Pro is around 1.6 euro per gigabyte at best for 256 GB.

Like HDD in August 2002.

The fact that you can destroy a SSD in 24 hours by writing and deleting it until it fails is very bad stuff. You can't destroy a HDD in 24 hours like that.

Probably only SLC with 10 times the endurance is a longer lasting device. Although you can still break it in 10 days. Price is prohibitive here.


It's not physically possible to write the drive to endurance limit in a day.

Yes, but you got the idea.

It's 2 days then. And 20 for SLC.

And regarding performance degradation over time :

" Samsung stated that the performance drop was a result of the usual NAND cell degradation and an issue with NAND management. "


It's not 2 days though, there's no one that uses storage that way. And when you point me to some bizarre use case, then so be it, buy an HDD. For 99.999% of the world, SSD endurance is very good and perfectly acceptable.


Yes, but you got the idea.

It's 2 days then. And 20 for SLC.

And regarding performance degradation over time :

" Samsung stated that the performance drop was a result of the usual NAND cell degradation and an issue with NAND management. "

You do realize SSDs exist (MLC) that can take in any load, literally, and maintain that worst case for 5 years and stay under warranty? Many of the high-endurance MLC SSDs have endurance so high that the drive can't ingest data faster than what it would take to wear it out in a short period of time. A "read focused" light enterprise drive can take ~1 DWPD, meaning you'd have to send its capacity each day for 5 years. Good luck finding any consumer usecase where you are going to wear out a light enterprise 480GB or 960GB Toshiba HK3R2 in 3-5 years.

Now switch that to the write-heavy Toshiba PX02SS which can do 30 DWPD at 800GB. 24TB of data per day, for 3-5 years.

You are going to wear out the servos in your poor antique HDD by the time you come close to matching the amount of data the SSD can write to itself, let alone the amount of data it would take to kill the SSD. Also good luck writing 200MB/s constant to your HDD (minimum speed required to meet 24TB per day to match the SSD) with anything less than a single sequential write stream. The second you do anything else the transfer speeds slow down and the SSD is laughing at you.


The thing is, SSDs might have the same backdoors as well - we just don't know about it. Micron, intel, SanDisk, etc might have NSA doors as well. I would not be surprised if foreign companies like Toshiba, SK Hynix, or Samsung were working with the NSA as well.

That and even TLC SSDs have pretty decent endurance. We're talking 1 PB here.


It's not 2 days though, there's no one that uses storage that way. And when you point me to some bizarre use case, then so be it, buy an HDD. For 99.999% of the world, SSD endurance is very good and perfectly acceptable.

You don't understand my point.

I can destroy it in 2 days. That's how durable it is.

Don't care about consumers activity.

Consumers eat whatever big companies feed them.

But if you want to destroy it you can in 2 days.

You do realize SSDs exist (MLC) that can take in any load, literally, and maintain that worst case for 5 years and stay under warranty? Many of the high-endurance MLC SSDs have endurance so high that the drive can't ingest data faster than what it would take to wear it out in a short period of time. A "read focused" light enterprise drive can take ~1 DWPD, meaning you'd have to send its capacity each day for 5 years. Good luck finding any consumer usecase where you are going to wear out a light enterprise 480GB or 960GB Toshiba HK3R2 in 3-5 years.

Now switch that to the write-heavy Toshiba PX02SS which can do 30 DWPD at 800GB. 24TB of data per day, for 3-5 years.

You are going to wear out the servos in your poor antique HDD by the time you come close to matching the amount of data the SSD can write to itself, let alone the amount of data it would take to kill the SSD. Also good luck writing 200MB/s constant to your HDD (minimum speed required to meet 24TB per day to match the SSD) with anything less than a single sequential write stream. The second you do anything else the transfer speeds slow down and the SSD is laughing at you.

This is the company marketing you are talking here. Time to wake up and stop spreading lies.

The thing is, SSDs might have the same backdoors as well - we just don't know about it. Micron, intel, SanDisk, etc might have NSA doors as well. I would not be surprised if foreign companies like Toshiba, SK Hynix, or Samsung were working with the NSA as well.

That and even TLC SSDs have pretty decent endurance. We're talking 1 PB here.

I agree. All big/medium companies that want to do business in USA must play the NSA game.

You are talking about 150 TB for MLC under warranty.

Edited by Vampire


This is the company marketing you are talking here. Time to wake up and stop spreading lies.

I'd really like you to show me how I'm wrong here. You are talking to the guy who has one of the most stressful and write-intensive testing platforms for enterprise products right now, where most individual drives that come through end with 50TB written. Most drives end up staying for new tests, get donated or shuffled off to other lab uses. Never had a drive fail from endurance related problems. If you are killing these SSDs I'd love to know more.

Your argument goes up in smoke when even discussing consumer SSDs, which are bottom of the barrel compared to anything in the enterprise space:

http://techreport.com/review/27062/the-ssd-endurance-experiment-only-two-remain-after-1-5pb

When enterprise drives come in for review we generally rack up around 50TB+ of data written, with some even higher if we spin through multiple retests. The Fusion ioScale PCIe SSDs (MLC) that are running in our flash array right now are closing in on 0.3PB written. Funny that even at that level this is the output spec:

Active Media: 100.00 %
Reserve Space: 100.00 %
PBW Endurance Rating: 20 PB
PBW Used: 0.312 PB
MiB Written: 297,169,661.294 MiB
MiB Read: 382,556,019.058 MiB


Write 150 TB on an MLC Samsung 850 PRO, void the warranty, and see how much you can write on it before it fails.

And keep in mind to restart the system because you may be able to write on it a little while but when you turn off and then on the power it won't be able to hold any information.

Some tests did just that.


You're out of your mind, but thanks for the creative conversation. Unless you can point to something specific, you have nothing to stand on.


You're out of your mind, but thanks for the creative conversation. Unless you can point to something specific, you have nothing to stand on.

I knew I would give you a great time.

http://techreport.com/review/27436/the-ssd-endurance-experiment-two-freaking-petabytes/2

840 PRO (21nm) started to fail after 600 TB, way after the 150TB warranty of the better 40nm 850 pro.

But not all nand is equal !

Once WLC reaches zero or one, it is generally a good idea to replace the drive as it may no longer be reliable. However, that does not mean that the drive will immediately fail -- according to JEDEC spec the P/E cycle rating is with one-year data retention, meaning that there can still be plenty of life left. The Tech Report's endurance testing gives a good picture of how much you can write after the WLC drops to zero, although personally I would still replace the drive ASAP because there is no guarantee that each drive performs similarly (remember, NAND is binned for endurance so there can be differences).

600 TB = 600 000 GB

For a 256 GB model like the one tested it means : 600 000 / 256 = 2343 cycles ! ( filling the SSD that amount of times )

That mean a 512 GB model require the same 2343 cycles of writes but it would mean a total of 2 x 600 000 GB in total endurance correct ?

http://www.anandtech.com/show/6459/samsung-ssd-840-testing-the-endurance-of-tlc-nand

http://www.anandtech.com/show/8239/update-on-samsung-850-pro-endurance-vnand-die-size

Is the SLC rated at 100 000 cycles no matter the nm it is built on ?

If the MLC at 21nm is rated at 3000 cycles (in truth 2343 cycles) the 40nm is rated at 6000 (in truth around 4460 cycles).

So a 256 GB will resist 1 141 760 GB = 1141 TB if we scale all tests equally and not imaginary cycles like AnandTech uses to round up numbers.

The problem is not all nand is equal and some fail sooner.

Of course, there is still the 150TB write limitation on the warranty. That figure is based on host writes, so it applies even if you are only writing sequential data with low write amplification. Samsung did, however, tell me that they can make exceptions as long as the drive is used in client environment, meaning that the purpose of the endurance rating is mostly to make sure that the 850 Pro is not used in write intensive enterprise applications.

in red marketing lies.

The thing is why is 150 TB limit the same for 128 - 256 - 512 - 1024 GB models ?

4430 x 128 = 567 TB

4430 x 256 = 1134 TB

4430 x 512 = 2268 TB

4430 x 1024 = 4536 TB


I think the key thing here is we aren't comparing apples to apples. Consumer drives either don't leverage the same NAND quality as enterprise models, or offer the same firmware to support enhanced endurance that the enterprise SSDs offer. With that said, I think your expectations of what a normal user is going to dump onto their SSD over that period of ownership is skewed. The Samsung 840 Pro I'm using in my workstation at work currently has about 1.5TB written, after 1+ year of usage. Lots of media going back and forth, multiple OS reinstalls, the works.

In the consumer space a 150TB warranty covers 99.99% of buyers, where that 0.01% that is wearing them out should have probably purchased an enterprise model. Some guys that have this problem put consumer drives into an enterprise setting because of the low cost, but quickly realize that decision wasn't the best when the drive dies because it wasn't designed to handle the workload.

High-endurance enterprise SSDs can literally be so good that the only way to test one and bring it to failure from endurance related problems is to build a custom model with a single NAND chip and force all wear into one localized spot. Also P/E cycles aren't used for enterprise drives any longer... haven't been since the 25nm days around the time that "eMLC" started coming out. A drive with no advanced endurance firmware will give up the ghost when its P/E cycles are exhausted. A drive that can analyze the NAND as it wears and adjust voltages and other knobs and levers as time goes on to spread the wear more evenly can go much much further on the identical hardware. Those features don't exist in consumer drives, not that they can't, but because they want to have something to offer on higher-class enterprise models where they have larger margins and can charge more for it.


Good.

I can't understand how "adjusting voltages and other knobs and levers as time goes on to spread the wear more evenly" can bring that much difference.

I think it all comes down to cherry picking the nand in enterprise models.

Although here is another explanation from anandtech :

The Wear Leveling Count (WLC) SMART value gives us all the data we need. The current value stands for the remaining endurance of the drive in percentage, meaning that it starts from 100 and decreases linearly as the drive is written to. The raw WLC value counts the consumed P/E cycles, so if these two values are monitored while writing to the drive, sooner than later we will find the spot where the normalized value drops by one.

I found that the current WLC value drops by one after 60 P/E cycles (I ran the test over multiple WLC drops), which suggests that the WLC will drop to zero after 6,000 P/E cycles. In other words, the V-NAND in 850 Pro is good for 6,000 P/E cycles, which is twice the cycle count of modern 2D MLC NAND but quite far away from Samsung's "ten times the endurance" claims. Either Samsung is using lower binned parts in the 850 Pro (i.e. saving the 30,000 P/E cycle parts for enterprise drives) or the WLC value has artificially been limited to ensure that enterprises do not use the 850 Pro and pay the premium for the 845DC EVO/Pro instead. I am thinking it is more of the latter because the enterprise drives bring home much higher profits and of course Samsung wants to make sure that the 850 Pro is not used outside the client environment.


And if you have the drive 80% full then wouldn't it fail fast ? At least the 20% portion ? Or will it move files around ?

Edited by Vampire
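
The Wear Leveling Count method quoted in the post above, as an added example that is not part of the original post or the quoted article: it reads (normalized, raw) WLC pairs, measures how many P/E cycles pass per one-point drop, and scales that to a rated cycle count and a host-write figure. The sample rows are constructed in the `smartctl -A` attribute-table layout, and the write-amplification factor is an assumed input.

```python
# Added example: estimate rated P/E cycles from Wear_Leveling_Count samples.
# SMART_LOG is constructed sample data (one row per reading over time), laid
# out like the attribute table printed by `smartctl -A`:
# ID NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
SMART_LOG = """\
177 Wear_Leveling_Count 0x0013 100 100 000 Pre-fail Always - 12
177 Wear_Leveling_Count 0x0013 099 099 000 Pre-fail Always - 60
177 Wear_Leveling_Count 0x0013 099 099 000 Pre-fail Always - 95
177 Wear_Leveling_Count 0x0013 098 098 000 Pre-fail Always - 120
177 Wear_Leveling_Count 0x0013 097 097 000 Pre-fail Always - 181
177 Wear_Leveling_Count 0x0013 095 095 000 Pre-fail Always - 300
"""


def parse_wlc(log):
    """Return (normalized, raw) pairs from Wear_Leveling_Count rows."""
    samples = []
    for line in log.splitlines():
        fields = line.split()
        if len(fields) >= 10 and fields[1] == "Wear_Leveling_Count":
            samples.append((int(fields[3]), int(fields[9])))
    return samples


def cycles_per_point(samples):
    """Raw P/E cycles consumed per one-point drop of the normalized value."""
    first_raw = {}  # lowest raw count seen at each normalized level
    for norm, raw in samples:
        first_raw[norm] = min(raw, first_raw.get(norm, raw))
    # Skip the highest level: sampling may have started partway through it.
    levels = sorted(first_raw, reverse=True)[1:]
    if len(levels) < 2:
        raise ValueError("need at least two observed drops of the normalized value")
    hi, lo = levels[0], levels[-1]
    return (first_raw[lo] - first_raw[hi]) / (hi - lo)


def rated_cycles(samples):
    """Normalized value runs 100 -> 0, so the rating is 100 drops' worth."""
    return cycles_per_point(samples) * 100


def host_writes_tb(capacity_gb, cycles, write_amplification=1.0):
    """Host writes (decimal TB) before the rated cycles are consumed.
    write_amplification is an assumed workload factor, 1.0 = ideal sequential."""
    return capacity_gb * cycles / write_amplification / 1000


if __name__ == "__main__":
    s = parse_wlc(SMART_LOG)
    print("cycles per WLC point:", cycles_per_point(s))
    print("rated P/E cycles:", rated_cycles(s))
    print("256 GB, WA 1.0:", host_writes_tb(256, rated_cycles(s)), "TB")
    print("256 GB, WA 3.0:", host_writes_tb(256, rated_cycles(s), 3.0), "TB")
```

The estimate only says when the normalized counter reaches zero; how far a given drive runs past that point is a separate question that the counter does not answer.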


It does make a huge difference. It's the entire reason how and why enterprise models have such incredible endurance over consumer models. Also remember these figures stated if they weren't true would result in Dell, EMC, IBM, NetApp, etc all suing HGST, Sandisk, Micron and Intel into the ground for false advertising.

Also please stop quoting consumer tech sites and blogs on the NAND endurance figures. Enterprise features like endurance wear leveling don't make it into consumer drives... it's a technology that no one wants to give away free.

A few examples:

Notice these are up to 45 DWPD of random workload for FIVE YEARS... worst case

http://www.sandisk.com/enterprise/sas-ssd/

HGST offers models up to 25 DWPD, also random workload for FIVE YEARS.... worst case

http://www.hgst.com/solid-state-storage/enterprise-ssd/sas-ssd

Those are warranty specific claims, if a drive died under those conditions before that time period it would get replaced.


A few drives will offer a warranty with any amount of writes over a period of time because with random workloads, which most are, it's physically impossible to write that much data to the drives in five years.


A couple of things:

  1. There probably are backdoors as well to HGST (part of WD), and everyone else. If the SSD makers are under suspicion, who are you going to buy drives from? Hard drive manufacturing and making NAND fabs is very capital intensive (billions) to set up a plant. That's why there's only a few players here. That being said, I'd love to see open source firmware and open hardware advance.
  2. As has been indicated, SSD endurance, even for TLC based SSDs is not a really big bottleneck. Perhaps for specialized enterprise uses. I knew of someone who uses eMLC based SSDs combined with large RAM disks as cache (they are hard enough on the SSDs that they would die in months if they did not use RAM Disks), all backed up by a backup power generator in case of power loss for what they do, but that's a very atypical and specialized write-intensive sort of the thing. For consumers, it's not a bottleneck at all - heck, for consumer I would argue sequential is not as important as read performance as well.

That leaves the question - who are you going to trust? The Cloud is even less safe.

