Improving trust in the cloud with OpenStack and AMD SEV

September 13, 2019 1:00 pm

This post contains an exciting announcement, but first I need to provide some context!

Ever heard that joke “the cloud is just someone else’s computer”?

Coffee mug saying "There is no cloud. It's just someone else's computer"

Of course it’s a gross over-simplification, but there’s more than a grain of truth in it. And that raises the question: if your applications are running in someone else’s data-centre, how can you trust that they’re not being snooped upon, or worse, invasively tampered with?

Until recently, the answer was “you can’t”. Well, that’s another over-simplification. You could design your workload to be tamperproof; for example even if individual mining nodes in Bitcoin or Ethereum are compromised, the blockchain as a whole will resist the attack just fine. But there’s still the snooping problem.

Hardware to the rescue?

However, there’s some good news on this front. Intel and AMD realised this was a problem, and have both introduced new hardware capabilities to help improve the level to which cloud users can trust the environment in which their workloads are executed, e.g.:

  • AMD SEV (Secure Encrypted Virtualization) which can encrypt the memory of a running VM with a key which is only accessible to the owner of that VM. This is done on-chip so that even if you have physical access to the machine, it makes it a lot harder to snoop on the running VM.

    It can also provide the guest owner with an attestation which cryptographically proves that the memory was encrypted correctly and can only be decrypted by the owner.

  • Intel MKTME (Multi-Key Total Memory Encryption) which is a similar approach.

But even with that hardware support, there is the question of to what degree anyone can trust public clouds run on proprietary technology. There is a growing awareness that Free (Libre) / Open Source Software tends to be inherently more secure and trustworthy, since its transparency enables unlimited peer review, and its openness allows anyone to contribute improvements.

And these days, OpenStack is pretty much the undisputed king of the Open Source cloud infrastructure world.

An exciting announcement

So I’m delighted to be able to announce a significant step forward in trustworthy cloud computing: as of this week, OpenStack is now able to launch VMs with SEV enabled! (Given the appropriate AMD hardware, of course.)

The new hw:mem_encryption flavor extra spec

The core functionality is all merged and will be in the imminent Train release. You can read the documentation, and you will also find it mentioned in the Nova Release Notes.

While this is “only” an MVP and far from the end of the journey (see below), it’s an important milestone in a strong partnership between my employer SUSE and AMD. We started work on adding SEV support into OpenStack around a year ago:

The original blueprint for integrating AMD SEV into nova

This resulted in one of the most in-depth technical specification documents I’ve ever had to write, plus many months of intense collaboration on the code and several changes in design along the way.

SEV code reviews.

I’d like to thank not only my colleagues at SUSE and AMD for all their work so far, but also many members of the upstream OpenStack community, especially the Nova team. In particular I enjoyed fantastic support from the PTL (Project Technical Lead) Eric Fried, and several developers at Red Hat, which I think speaks volumes to how well the “coopetition” model works in the Open Source world.

The rest of this post gives a quick tour of the implementation via screenshots and brief explanations, and then concludes with what’s planned next.



What does negative harmony sound like? Here’s the answer!

June 23, 2019 11:00 am

In the last year or so there’s been quite a buzz in the music theory world about the concept of negative harmony, mainly thanks to a few YouTube interviews with Jacob Collier which have gone viral, especially the ones by June Lee.

But while this has been great for introducing the idea to many people, most people still don’t really know what music based on negative harmony actually sounds like! And as Jacob mentioned in some of these interviews, clever theoretical tricks are rather pointless unless you can actually make some great music from them. Most of the videos just focus on a few chords, which is a great start but far from the full picture.

Introducing the SHIMANator negative harmony app!

So I’ve built an app called “the SHIMANator” which can convert any music into its negative harmony equivalent, and I’m very excited to finally announce it to the world! Check out the video:

OK, but what’s the point?

I mainly wrote this app because a) Jacob asked me to, b) it sounded like a fun challenge, and c) the thought of being able to instantly hear the negative harmony equivalent of any music was very appealing.

But in the process of getting it working, it became apparent that this could actually be a useful tool for generating fresh new musical ideas and sounds. For example, I’ve talked to film / TV composers who got excited about using it to quickly generate music which is coherent with and related to their existing material. If a musical motif in a major key represented a character in a film, say, flipping it about an axis would give you the negative version, which would sound in a minor key and could be used to represent the “dark side” of that character’s personality.

Can I try it out?

Not yet, but I’m aiming to offer early beta access to a select group of people at some point soon. Please show your interest by taking the following actions!

1. Sign up for updates on the SHIMANator

2. Let me know what you think and win a free copy!

Do you find this app interesting? Could you imagine using it yourself? If so, would you use it for composition, or as an extra effect in live improvisation, or maybe even for something else?

So I’d love to hear what you think – and the person who gives the best feedback will win a free copy of the software when it’s fully productised and ready to publish!

Please leave comments on the Facebook page or the YouTube video.

3. Subscribe to my YouTube channel:

How does it work?

At the simplest level, it takes MIDI events in, does some magic to convert to negative harmony, and then outputs the same events with modified pitches. So it should work with pretty much any piece of MIDI-compatible software or hardware under the sun.

The actual algorithm for the conversion is very complicated, so I’ll save the explanation for another time. But you can see from the video how melodic motion is inverted, as is motion around the circle of fifths.

How did this all come about?

Here’s the history, in case you’re curious.

I was introduced to negative harmony a few years ago by Barak Schmool, who later taught Jacob in his role as professor of jazz and world rhythms at the Royal Academy of Music. (Barak’s awareness of the technique was heavily influenced by his friend Steve Coleman, an incredible jazz saxophonist who has been using negative harmony in his music for many decades.)

At the time I built a really dumb prototype for fun, and fed Mozart’s 40th Symphony through it. The results were promising, but also sounded amusingly terrible due to every high note being converted to a very low note and vice-versa.

It was clear that without some magic octave transposition algorithm, notes would stray too far from their original register and completely screw up the voicing “texture” which the composer had intended. So shortly afterwards, Barak and I basically forgot about it, and instead got distracted experimenting on Giant Steps with some brilliant ideas he had regarding unequally tempered systems of intonation (which later inspired some of Jacob’s great work with microtonal voice-leading).

A year or two later, Barak told Jacob about my prototype. He was interested enough to get in touch, and you already know the rest of the story.

By the way, there is already some great music out there made entirely using negative harmony. For example see Steve Cruickshank’s fantastic YouTube channel, which is full of negative harmony covers of famous music. And I’m not even the first to come up with a negative version of Beethoven’s Moonlight Sonata. But I’m not yet aware of any other software which does what mine does. Hopefully you find its potential interesting.

Have you made any other music software?

Funny you should ask! Actually yes: in an earlier collaboration with Barak I built the Scale Matcher – a free app (web page) for finding which scales match a given chord. Check it out 🙂

If you read this far, congratulations – you are a most excellent and dedicated music theory nerd. Let’s have a pint some time. But until then, don’t forget to subscribe and let me know what you think!

