Previous Reports
Research Reports

This Week in HPC: Altair's Bill Nitzberg Discusses Heartbleed in HPC

by Addison Snell, Michael Feldman
for Intersect360 Research
May 2014

PODCAST EXCERPT

The following is an excerpt from the weekly Intersect360 Research podcast, “This Week in HPC,” available on iTunes, Stitcher, and through our media partnership with insideHPC. The full podcast can be found at http://www.intersect360.com/industry/podcasts.phpand is hosted at http://insidehpc.com/2014/05/02/nersc-buys-knights-landing-supercomputer-altairs-bill-nitzberg-heartbleed-hpc/.
 
In this podcast segment, recorded on May 1, 2014, host analysts Addison Snell and Michael Feldman interview Bill Nitzberg, CTO of the PBS Works division of Altair, concerning the impact of the Heartbleed bug on the HPC industry.
 
Addison Snell:This week in HPC, we’ve been looking at … what’s colloquially been known as the Heartbleed bug, Michael. This was the security flaw that got exposed in certain versions of SSL — specifically OpenSSL, which handles a lot of internet traffic — and created a lot of security vulnerabilities. You read about that in the news, I’m sure.
 
Michael Feldman:Yeah, it’s been all over.
 
AS:   Did you change your password at every site you use?

MF:   Not yet, but yeah, I guess not a lot of people haven’t done that, either. … This is something that’s been around for a couple of years and it was uncovered recently, so people are kind of scrambling to figure out how to plug that flaw. They’re also worried about what’s gone on for the last two years if other people have found this unbeknownst to you and everyone — what damage it’s already caused. It’s been there for so long and it’s basically affected a good swath of the internet traffic.
 
AS:   Security and secrecy are always things that are near and dear to HPC customers’ hearts, so we wanted to take a look at what does Heartbleed have to do with the HPC industry. Joining us for this segment on our podcast, I’m pleased to welcome Bill Nitzberg, who’s the Chief Technology Officer of the PBS Works division at Altair. Bill, thanks for joining us.
 
Bill Nitzberg:Thanks very much for having me.
 
AS:   Bill, it’s fun having you on the podcast here. So, this is what we were just talking about: Heartbleed — we’re all reading about it; it’s in the popular press — what’s the overlap with Heartbleed into HPC?
 
BN:    Well, I think it’s relevant to HPC for the same reasons that it’s relevant everywhere else. You care about security. But in HPC, some of the biggest, world’s most important secrets and confidential information is actually processed on large HPC systems. In the automotive world, you want to keep the styling of your new car secret. In the drug-discovery world, a drug could be worth a billion dollars. You really don’t want that to get out.
 
AS:    There comes the question, though, if we’re talking about Open SSL, and this is an internet thing, where are the touch points where my HPC system is connected to the internet?
 
BN:   Well, you know, [there is one place] that it’s sort of disappointing in its impact. I should just say, in my experience, Heartbleed is kind of a once in every ten or twenty years kind of bug, although we have security vulnerabilities at one level or another showing up, but this one’s big. One thing that’s disappointing is that this affects some cloud computing. A lot of people want to do more HPC computing in the cloud. One of the big concerns with cloud computing has always been security, security, security.
 
AS:   We’ve heard that, in some of our surveys, that people are worried about security of HPC in the cloud.
 
BN:   This doesn’t really allay people’s fears about HPC in the cloud. I know, for example, Amazon bases a lot of their stuff on tons of open-source software. Open source is kind of baked into HPC anyway. But Amazon, they did do some patches; they were vulnerable. It’s just one of those things; it’s not going to speed up the adoption.
 
AS:    And then with Altair specifically, what’s your role in this with Heartbleed specifically and with security generally in HPC?
 
BN:    Altair has always taken security super-seriously. We reacted very fast when we found out about Heartbleed; we did a full analysis of all of our products and services. In fact, one of the things that’s helped us is that PBS Professional got a security certification a few years ago, and part of that was an independent certification of our processes to make sure that we do things like code reviews and check-ins are actually reviewed correctly even if people don’t follow the process. So we’re the only ELA3+ security certified workload manager.
 
AS:    So if I’m working with Altair I get to feel better about life with respect to the security of my HPC files.
 
BN:   I actually am a big … open-source proponent, and we even use open source. Like I said, it’s baked into HPC and so I don’t want to ever say anything bad about open source. But when you think about security, you don’t think about the software in particular that you’re getting; you want to think about the company behind the software that you’re getting. Open source has this little bit of a flaw… Well, actually I shouldn’t say open source has a flaw, because it doesn’t, right? But some of the projects …
 
AS:    Open source is inherently flawless, right? There’s nothing wrong with open source.
 
BN:   Well, software is inherently flaw-ful, right? I don’t know if you actually saw, there was a New York Times article on Heartbleed, and they quoted a Columbia professor and he had said something like, “Everybody’s job is not anybody’s job.” I think that’s sort of the difference that you get when you come to a commercial enterprise like Altair of any kind of well-run organization versus a project done in the bazaar.
 
AS:   Well, you pointed out: Software has flaws. I don’t think that’s going to change any time soon. Bugs happen. Take this forward into the future, right? What do we have to continue to look out for? You said this is a once-every-ten-years kind of problem.
 
BN:    I really hope Heartbleed is a once-every-ten-years problem because I’ve spent a lot of time changing all my passwords, and I encourage everyone to change all your passwords. Go download a good password manager, too, to help you out, to make some good ones.
 
         But I don’t think security flaws are going to go away. Security flaws will continue to show up. They’ll show up all the time, not just in the commercial internet, but inside HPC software, even inside our software. That’s why we have a lot of processes to make sure that they don’t and to react very quickly and to address them when they do.
 
AS:   We’ve been speaking with Bill Nitzberg, CTO of the PBS Works division at Altair. Bill, thanks a lot for joining us.
 
BN:   Thank you.

____________________________________________________
 
AS:   A fun interview, and very grateful to Altair’s Bill Nitzberg for joining us. Heartbleed, a very popular story, and interesting to get into talking about how it overlaps with HPC.
 
MF:   And it’s a subject we haven’t really talked about a lot, as far as security, but certainly security is a big issue, especially like we’ve been talking about with HPC in the cloud, and it’s refreshing to get that subject matter in there. It’s something I’m sure we’ll talk about again as these security issues become more prevalent, and as we talk about cloud again.
 
AS:   Hopefully not next week! As Bill pointed out, these things come up over and over again, and you never know when. But when it does, Michael, we’ll be ready.
 
MF:   We’ll be ready!
 


CONTACT INTERSECT360 RESEARCH
For full access to our HPC research studies, analysis, custom research and consulting, contact us directly.

» info@intersect360.com
» 888-256-0124
» Subscribe to our mailing list

Sign in to view premium content
Username:
Password:
Remember me on this computer
Become a client
Get access to our full reports
Close