Security

Ask Slashdot: Do We Need a New Word For Hacking? 192

goombah99 writes: Hacking and Hackers get a bum rap. Headline scream "Every Nitendo switch can be hacked." But that's good right? Just like farmers hacking their tractors or someone re-purposing a talking teddy bear. On the other hand, remote hacking a Intel processor backdoor or looting medical data base, that are also described as hacking, are ill-motivated. It seems like we need words with different connotations for hacking. One for things you should definitely do, like program an Arduino or teddy bear. One for things that are pernicious. And finally one for things that are disputably good/bad such as hacking DRM protected appliances you own. What viral sounds terms and their nuances would you suggest? Editor's note: We suggest reading this New Yorker piece "A Short History of 'Hack'", and watching this Defcon talk by veteran journalist Steven Levy on the creativeness and chutzpah of the early hackers.
Intel

Intel Is Giving Up On Its Smart Glasses (theverge.com) 41

Intel is planning to shut down the New Devices Group (NDG), and cease development on the Vaunt smart glasses project that was revealed earlier this year. The glasses are unique in that they use retinal projection to put a display in your eyeball. "There is no camera to creep people out, no button to push, no gesture area to swipe, no glowing LCD screen, no weird arm floating in front of the lens, no speaker, and no microphone," reports The Verge.

Intel issued a statement announcing the plans: "Intel is continuously working on new technologies and experiences. Not all of these develop into a product we choose to take to market. The Superlight [the codename for Vaunt] project is a great example where Intel developed truly differentiated, consumer augmented reality glasses. We are going to take a disciplined approach as we keep inventing and exploring new technologies, which will sometimes require tough choices when market dynamics don't support further investment." From the report: It was always unclear how precisely Intel intended to bring the Vaunt glasses to market, though sources indicated that Intel wanted to find a partner with retail expertise to partner with. Jerry Bautista, the lead for Vaunt, told me back in December that Intel was "working with key ecosystem hardware providers -- whether they're frames or lenses and things like that. Because we believe there's a whole channel to people who wear glasses that's already there." The story was first reported by The Information.
AMD

AMD 2nd Gen Ryzen Processors Launched and Benchmarked (hothardware.com) 106

MojoKid writes: AMD launched its 2nd Generation Ryzen processors today, based on a refined update to the company's Zen architecture, dubbed Zen+. The chips offer higher clocks, lower latencies, and a more intelligent Precision Boost 2 algorithm that improves performance, system responsiveness, and power efficiency characteristics. These new CPUs still leverage the existing AM4 infrastructure and are compatible with the same socket, chipsets, and motherboards as AMD's first-generation products, with a BIOS/UEFI update.

There are four processors arriving today, AMD's Ryzen 7 2700X, the Ryzen 7 2700, the Ryzen 5 2600X, and the Ryzen 5 2600. Ryzen 7 chips are still 8-core CPUs with 20MB of cache but now top out at 4.3GHz, while Ryzen 5 chips offer 6 cores with 19MB of cache and peak at 4.2GHz. AMD claims 2nd Gen Ryzen processors offer reductions in L1, L2, and L3 cache latencies of approximately 13%, 34%, and 16%, respectively. Memory latency is reportedly reduced by about 11% and all of those improvements result in an approximate 3% increase in IPC (instructions per clock). The processors now also have official support for faster DDR4-2933 memory as well. In the benchmarks, 2nd Gen Ryzen CPUs outpaced AMD's first gen chips across the board with better single and multithreaded performance, closing the gap even further versus Intel, often with better or similar performance at lower price points. AMD 2nd Gen Ryzen processors, and new X470 chipset motherboards that support them, are available starting today and the CPUs range from $199 to $299.

Businesses

One Laptop Per Child's $100 Laptop Was Going To Change the World -- Then it All Went Wrong (theverge.com) 270

Adi Robertson, reporting for The Verge: In late 2005, tech visionary and MIT Media Lab founder Nicholas Negroponte pulled the cloth cover off a small green computer with a bright yellow crank. The device was the first working prototype for Negroponte's new nonprofit One Laptop Per Child (OLPC), dubbed "the green machine" or simply "the $100 laptop." And it was like nothing that Negroponte's audience -- at either his panel at a UN-sponsored tech summit in Tunis, or around the globe -- had ever seen. After UN Secretary-General Kofi Annan offered a glowing introduction, Negroponte explained exactly why. The $100 laptop would have all the features of an ordinary computer but require so little electricity that a child could power it with a hand crank.

[...] But OLPC's overwhelming focus on high-tech hardware worried some skeptics, including participants in the Tunis summit. One attendee said she'd rather have "clean water and real schools" than laptops, and another saw OLPC as an American marketing ploy. "Under the guise of non-profitability, hundreds of millions of these laptops will be flogged off to our governments," he complained. In the tech world, people were skeptical of the laptop's design, too. Intel chairman Craig Barrett scathingly dubbed OLPC's toy-like prototype "the $100 gadget," and Bill Gates hated the screen in particular. "Geez, get a decent computer where you can actually read the text," he told reporters.

[...] After announcing "the $100 Laptop," OLPC had one job to do: make a laptop that cost $100. As the team developed the XO-1, they slowly realized that this wasn't going to happen. According to Bender, OLPC pushed the laptop's cost to a low of $130, but only by cutting so many corners that the laptop barely worked. Its price rose to around $180, and even then, the design had major tradeoffs. [...]

Operating Systems

Linux 4.17 Kernel Offers Better Intel Power-Savings While Dropping Old CPUs (phoronix.com) 136

An anonymous reader writes: Linus Torvalds has released Linux 4.17-rc1. This kernel comes with a significant amount of new capabilities as outlined by the Linux 4.17 feature overview. Among the new features are AMDGPU WattMan support, Intel HDCP support, Vega 12 GPU enablement, NVIDIA Xavier SoC support, removal of obsolete CPU architectures, and even better support for the original Macintosh PowerBook 100 series. Phoronix testing has also revealed measurable power savings improvements and better power efficiency on Intel hardware. The kernel is expected to be stabilized by June.
Intel

Intel SPI Flash Flaw Lets Attackers Alter or Delete BIOS/UEFI Firmware (bleepingcomputer.com) 46

Catalin Cimpanu, writing for BleepingComputer: Intel has addressed a vulnerability in the configuration of several CPU series that allow an attacker to alter the behavior of the chip's SPI Flash memory -- a mandatory component used during the boot-up process [1, 2, 3]. According to Lenovo, who recently deployed the Intel fixes, "the configuration of the system firmware device (SPI flash) could allow an attacker to block BIOS/UEFI updates, or to selectively erase or corrupt portions of the firmware." Lenovo engineers say "this would most likely result in a visible malfunction, but could in rare circumstances result in arbitrary code execution."
AMD

AMD Makes 2nd Gen Ryzen Processors Official With Availability Starting Next Week (hothardware.com) 63

MojoKid writes: Today AMD announced official details regarding its new mainstream second-generation Ryzen family of processors. Pricing and detailed specs show some compelling new alternatives from AMD and a refined family of chips to give Intel even more competition, especially considering price point. These new AMD CPUs are all based on the 12nm Zen+ architecture and, at least initially, include four SKUs. The Ryzen 7 family features 8 cores and 16 threads along with 20MB of cache. Ryzen 7 2700 (65W) has a base clock of 3.2GHz and a turbo frequency of 4.1GHz. The top-of-the-line Ryzen 7 2700X (105W) ups the stakes with clocks of 3.7GHz and 4.3GHz respectively. The new Ryzen 5 family features six physical cores capable of executing 12 threads and 19MB of cache. The Ryzen 5 2600 (65W) has a base clock of 3.4GHz and a max boost frequency of 3.9GHz. The Ryzen 5 2600X (95W) ups those speeds to 3.6GHz and 4.2GHz respectively. AMD says that the Ryzen 5 2600, Ryzen 5 2600X, Ryzen 7 2700 and Ryzen 2700X will be available starting April 19th, priced at $199, $229, $299 and $329 respectively.
Graphics

Intel Reportedly Designing Arctic Sound Discrete GPU For Gaming, Pro Graphics (hothardware.com) 68

MojoKid shares a report from HotHardware: When AMD's former graphics boss Raja Koduri landed at Intel after taking a much-earned hiatus from the company, it was seen as a major coup for the Santa Clara chip outfit, one that seemed to signal that Intel might be targeting to compete in the discrete graphics card market. While nothing has been announced in that regard, some analysts are claiming that there will indeed be a gaming variant of Intel's upcoming discrete "Arctic Sound" GPU. According to reports, Intel originally planned to build Arctic Sound graphics chips mainly for video streaming chores and data center activities. However, claims are surfacing that the company has since decided to build out a gaming variant at the behest of Koduri, who wants to "enter the market with a bang." Certainly a gaming GPU that could compete with AMD and NVIDIA would accomplish that goal. Reportedly, Intel could pull together two different version of Arctic Sound. One would be an integrated chip package, like the Core i7-8809G (Kaby Lake-G) but with Intel's own discrete graphics, as well as a standalone chip that will end up in a traditional graphics cards. Likely both of those will have variants designed for gaming, just as AMD and NVIDIA build GPUs for professional use and gaming as well.
Businesses

Amazon Spent Close To $23B on R&D in 2017, Outpacing Fellow Tech Giants (geekwire.com) 62

Amazon powered its prolific 2017, which saw the release of a cavalcade of new products and services, with $22.6 billion in spending on research and development, tops among U.S. companies. From a report: According to data from FactSet, Google parent Alphabet came in second in R&D spending in 2017 at $16.6 billion, followed by Intel at $13.1 billion, Microsoft at $12.3 billion and Apple at $11.6 billion. Facebook jumped into the top 10, spending $7.8 billion in 2017. One of Amazon's biggest R&D efforts in recent years has been the cashier-less grocery store concept Amazon Go. The company spent 2017 getting the technology, first announced in December 2016, ready for prime time before opening the first location in January. Amazon has invested heavily in its market-leading cloud computing arm, Amazon Web Services. AWS juiced Amazon.
Intel

Intel Tells Users to Uninstall Remote Keyboard App Over Unpatched Security Bugs (bleepingcomputer.com) 16

Intel has decided that instead of fixing three security bugs affecting the Intel Remote Keyboard Android app, it would be easier to discontinue the application altogether. BleepingComputer: The company announced its decision on Tuesday, following the discovery of three security bugs that affect all versions of the Intel Remote Keyboard. This is an Android application that Intel launched in 2015 to allow users to wirelessly control Intel NUC and Intel Compute Stick single-board computers. The bugs, discovered by three different researchers, when exploited, allow a nearby network attacker to inject keystrokes into remote keyboard sessions, and also execute malicious code on the user's Android device.
Intel

Intel Says Some CPU Models Will Never Receive Microcode Updates (bleepingcomputer.com) 213

An anonymous reader writes: Intel released an update to the Meltdown and Spectre mitigation guide, revealing that it stopped working on mitigations for some processor series. The Meltdown and Spectre mitigation guide is a PDF document that Intel published in February. The file contains information on the status of microcode updates for each of Intel's CPU models released in the past years. Intel has constantly updated the document in the past weeks with new information about processor series and the microcode firmware version number that includes patches for the Meltdown and Spectre flaws.

An update published on Monday includes for the first time a "Stopped" production status. Intel says that processors with a "Stopped" status will not receive microcode updates. The reasons basically vary from "redesigning the CPU micro-architecture is impossible or not worth the effort" to "it's an old CPU" and "customers said they don't need it." The following Intel processor products received a "Stopped" status marker: Bloomfield, Bloomfield Xeon, Clarksfield, Gulftown, Harpertown Xeon C0, Harpertown Xeon E0, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale C0, Wolfdale M0, Wolfdale E0, Wolfdale R0, Wolfdale Xeon C0, Wolfdale Xeon E0, Yorkfield, and Yorkfield Xeon.

Intel

Intel Unveils New Coffee Lake 8th Gen Core Line-Up With First Core i9 Mobile CPU (hothardware.com) 73

MojoKid writes: Intel is announcing a big update to its processor families today, with new 8th Gen Coffee Lake-based Core chips for both mobile and desktop platforms. On the mobile side of the equation, the most interesting processors are no doubt Intel's new six-core Coffee Lake parts, starting with the Core i7-8750H. This processor comes with base/max single-core turbo boost clocks of 2.2GHz and 4.2GHz respectively, while the Core i7-8850H bumps those clocks to 2.6GHz and 4.3GHz respectively. Both processors have six cores (12 threads), a TDP of 45 watts and 9MB of shared Smart Cache.However, the new flagship processor is without question the Intel Core i9-8950HK, which is the first Core i9-branded mobile processor. It retains the 6/12 (core/thread) count of the lower-end parts, but features base and turbo clocks of 2.9GHz and 4.8GHz respectively. The chip also comes unlocked since it caters to gaming enthusiasts and bumps the amount of Smart Cache to 12MB. Intel is also announcing a number of lower powered Coffee Lake-U series chips for thin and light notebooks, some of which have on board Iris Plus integrated graphics with 128MB of on-chip eDRAM, along with some lower powered six-core and quad-core desktop chips that support the company's Optane memory in Intel's new 300 series chipset platform.
Intel

No More Intel Inside, Apple Plans To Use Its Own Custom-Built Chips in Mac (bloomberg.com) 513

Apple is planning to use homegrown custom-built processors in its Mac line of computers, ditching Intel, the processors by which powers Apple's current line of computers, Bloomberg reported on Monday. The company could make the switch to its own chips as early as 2020, the report said. From the report: The initiative, code named Kalamata, is still in the early developmental stages, but comes as part of a larger strategy to make all of Apple's devices -- including Macs, iPhones, and iPads -- work more similarly and seamlessly together, said the people, who asked not to be identified discussing private information. The project, which executives have approved, will likely result in a multi-step transition.

The shift would be a blow to Intel, whose partnership helped revive Apple's Mac success and linked the chipmaker to one of the leading brands in electronics. Apple provides Intel with about 5 percent of its annual revenue, according to Bloomberg supply chain analysis. Intel shares dropped as much as 9.2 percent, the biggest intraday drop in more than two years, on the news.

Privacy

Adobe Is Helping Some 60 Companies Track People Across Devices (neowin.net) 66

Neowin reports of Adobe's recent announcement of its new Marketing Cloud Device Co-op initiative: The announcement of the new solution for tracking customers across devices was made at the Adobe Summit this week in Las Vegas to a digital marketing conference. According to an Adobe blog post released earlier this month citing Forrester, consumers are increasingly accessing multiple devices before making a purchase decision -- an average of 5.5 connected devices per person. This behavior creates a challenge for retailers, who cannot easily target people in their marketing campaigns, ultimately depending on Facebook or Google to track people instead of devices. Both Facebook and Google are able to do this job because of the massive amount of users logged into their ecosystems regularly, so most retailers have been opting to use those platforms as a way to reach potential customers. But Adobe's approach is to provide a platform agnostic solution acting as a glue between the world's biggest brands' own data management platforms.

In order for Device Co-op to work, each company that has joined the initiative will provide Adobe with "cryptographically hashed login IDs" and HTTP header data, which Adobe claims will completely hide the customer's identity. This data will be used to create groups of devices used by the same person or household, which will then be made available to all the members of the initiative so they can target people on different devices, instead of creating one customer profile per device, as can be seen from the example given in the image above. Until now, some 60 companies have joined the Adobe initiative, including brands such as Subway, Sprint, NFL, Lenovo, Intel, Barnes & Noble, and Subaru. Also, preliminary measurements made by Adobe indicate that Device Co-op could link up to 1.2 billion devices worldwide, based on the amount of accesses seen by current members. But it is important to note that the initiative is currently collecting data of U.S. and Canada users only.
Adobe is claiming the initiative will not disclose a user's identity to its members, including any personal data, but, given the recent Facebook and Cambridge Analytica scandal, many will be skeptical of those claims. Thankfully, Adobe is allowing users to completely opt out all of their devices from the services via this website.
Intel

Intel Files Patent For Energy-Efficient Bitcoin Mining Hardware (crn.com) 48

Intel is exploring the creation of specialty hardware for mining the popular cryptocurrency Bitcoin, according to a U.S. patent application released Thursday. From a report: The patent, filed on Sept. 23, 2016, describes a Bitcoin mining hardware accelerator that may include a processor core with a hardware accelerator coupled with it. Bitcoin mining is the process of using powerful computer processors to record Bitcoin transactions on a public ledger, which is done by attempting to solve cryptographic puzzles. If the miner becomes the first to solve the puzzle and record the next transaction, it is rewarded with newly released Bitcoin. The high energy and equipment costs associated with mining have brought into question whether the activity can be profitable, especially as the price of Bitcoin has nose-dived in the past few months, as noted by Forbes. But that hasn't stopped people from hoarding equipment -- one report from Coherent Market Insights pegged the cryptocurrency mining market at $610 million in 2016 and expects it to grow to $38 billion by 2025. The current issues faced by miners also has propelled companies and individuals to find new technologies and methods for making mining more efficient.
Microsoft

Microsoft's Windows 7 Meltdown Fixes From January and February Made PCs More Insecure (theregister.co.uk) 84

Microsoft's January and February security fixes for Intel's Meltdown processor vulnerability opened up an even worse security hole on Windows 7 PCs and Server 2008 R2 boxes. From a report: This is according to researcher Ulf Frisk, who previously found glaring shortcomings in Apple's FileVault disk encryption system. We're told Redmond's early Meltdown fixes for 64-bit Windows 7 and Server 2008 R2 left a crucial kernel memory table readable and writable for normal user processes. This, in turn, means any malware on those vulnerable machines, or any logged-in user, can manipulate the operating system's memory map, gain administrator-level privileges, and extract and modify any information in RAM. The Meltdown chip-level bug allows malicious software, or unscrupulous logged-in users, on a modern Intel-powered machine to read passwords, personal information, and other secrets from protected kernel memory. But the security fixes from Microsoft for the bug, on Windows 7 and Server 2008 R2, issued in January and February, ended up granting normal programs read and write access to all of physical memory.
Privacy

Ask Slashdot: Why Are There No True Dual-System Laptops Or Tablet Computers? 378

dryriver writes: This is not a question about dual-booting OSs -- having 2 or more different OSs installed on the same machine. Rather, imagine that I'm a business person or product engineer or management consultant with a Windows 10 laptop that has confidential client emails, word documents, financial spreadsheets, product CAD files or similar on it. Business stuff that needs to stay confidential per my employment contract or NDAs or any other agreement I may have signed. When I have to access the internet from an untrusted internet access point that somebody else controls -- free WiFi in a restaurant, cafe or airport lounge in a foreign country for example -- I do not want my main Win 10 OS, Intel/AMD laptop hardware or other software exposed to this untrusted internet connection at all. Rather, I want to use a 2nd and completely separate System On Chip or SOC inside my Laptop running Linux or Android to do my internet accessing. In other words, I want to be able to switch to a small 2nd standalone Android/Linux computer inside my Windows 10 laptop, so that I can do my emailing and internet browsing just about anywhere without any worries at all, because in that mode, only the small SOC hardware and its RAM is exposed to the internet, not any of the rest of my laptop or tablet. A hardware switch on the laptop casing would let me turn the 2nd SOC computer on when I need to use it, and it would take over the screen, trackpad and keyboard when used. But the SOC computer would have no physical connection at all to my main OS, BIOS, CPU, RAM, SSD, USB ports and so on. Does something like this exist at all (if so, I've never seen it...)? And if not, isn't this a major oversight? Wouldn't it be worth sticking a 200 Dollar Android or Linux SOC computer into a laptop computer if that enables you access internet anywhere, without any worries that your main OS and hardware can be compromised by 3rd parties while you do this?
Security

Intel CPUs Vulnerable To New 'BranchScope' Attack (securityweek.com) 102

wiredmikey writes: Researchers have discovered a new side-channel attack method dubbed "BranchScope" that can be launched against devices with Intel processors. The attack has been identified and demonstrated by a team of researchers, and similar to Meltdown and Spectre, can be exploited by an attacker to obtain potentially sensitive information they normally would not be able to access directly. The attacker needs to have access to the targeted system and they must be able to execute arbitrary code.

Researchers believe the requirements for such an attack are realistic, making it a serious threat to modern computers, "on par with other side-channel attacks." The BranchScope attack has been demonstrated on devices with three types of Intel i5 and i7 CPUs based on Skylake, Haswell and Sandy Bridge microarchitectures.
Further reading: As predicted, more branch prediction processor attacks are discovered (ArsTechnica).
AMD

Linux Mint Ditches AMD For Intel With New Mintbox Mini 2 (betanews.com) 46

An anonymous reader writes: Makers of Mint Box, a diminutive desktop which runs Linux Mint -- an Ubuntu-based OS, on Friday announced the Mintbox Mini 2. While the new model has several new aspects, the most significant is that the Linux Mint Team has switched from AMD to Intel (the original Mini used an A4-Micro 6400T). For $299, the Mintbox Mini 2 comes with a quad-core Intel Celeron J3455 processor, 4GB of RAM, and a 60GB SSD. For $50 more you can opt for the "Pro" model which doubles the RAM to 8GB and increases the SSD capacity to 120GB. Graphics are fairly anemic, as it uses integrated Intel HD 500, but come on -- you shouldn't expect to game with this thing. For video connectivity, you get both HDMI and Mini DisplayPort. Both can push 4K, and while the mini DP port can do 60Hz, the HDMI is limited to 30.
Robotics

Robots Are Trying To Pick Strawberries. So Far, They're Not Very Good At It (npr.org) 131

Robots have taken over many of America's factories. They can explore the depths of the ocean, and other planets. They can play ping-pong. But can they pick a strawberry? From a report: "You kind of learn, when you get into this -- it's really hard to match what humans can do," says Bob Pitzer, an expert on robots and co-founder of a company called Harvest CROO Robotics. (CROO is an acronym. It stands for Computerized Robotic Optimized Obtainer.) Any 4-year old can pick a strawberry, but machines, for all their artificial intelligence, can't seem to figure it out. Pitzer says the hardest thing for them is just finding the fruit. The berries hide behind leaves in unpredictable places. "You know, I used to work in the semiconductor industry. I was a development engineer for Intel, and it was a lot easier to make semiconductor chips," he says with a laugh.

Slashdot Top Deals