Wine

Wine 3.0 Released (softpedia.com) 36

prisoninmate shares a report from Softpedia: The Wine (Wine Is Not an Emulator) project has been updated today to version 3.0, a major release that ends 2017 in style for the open-source compatibility layer capable of running Windows apps and games on Linux-based and UNIX-like operating systems. Almost a year in the works, Wine 3.0 comes with amazing new features like an Android driver that lets users run Windows apps and games on Android-powered machines, Direct3D 11 support enabled by default for AMD Radeon and Intel GPUs, AES encryption support on macOS, Progman DDE support, and a task scheduler. In addition, Wine 3.0 introduces the ability to export registry entries with the reg.exe tool, adds various enhancements to the relay debugging and OLE data cache, as well as an extra layer of event support in MSHTML, Microsoft's proprietary HTML layout engine for the Windows version of the Internet Explorer web browser. You can read the full list of features and download Wine 3.0 from WineHQ's website.
Intel

Intel Says Newer Chips Also Hit by Unwanted Reboots After Patch (zdnet.com) 87

Intel says the unexpected reboots triggered by patching older chips affected by Meltdown and Spectre are happening to its newer chips, too. From a report: Intel confirmed in an update late Wednesday that not only are its older Broadwell and Haswell chips tripping up on the firmware patches, but newer CPUs through to the latest Kaby Lake chips are too. The firmware updates do protect Intel chips against potential Spectre attacks, but machines with Ivy Bridge, Sandy Bridge, Skylake, and Kaby Lake architecture processors are rebooting more frequently once the firmware has been updated, Intel said. Intel has also updated its original Meltdown-Spectre advisory with a new warning about the stability issues and recommends OEMs and cloud providers test its beta silicon microcode updates before final release. These beta releases, which mitigate the Spectre Variant 2 CVE-2017-5715 attack on CPU speculative execution, will be available next week.
Intel

Intel Unveils 'Breakthrough' 49 Qubit Quantum Computer (extremetech.com) 204

Long-time Slashdot reader cold fjord writes: Extremetech reports, "At CES 2018 this week, Intel's CEO Brian Krzanich declared the company's new 49-qubit quantum computer represented a step towards "quantum supremacy." A 49 qubit system is a major advance for Intel, which just demonstrated a 17-qubit system two months ago. Intel's working with the Netherlands-based Qutech on this project, and expanding the number of qubits is key to creating quantum computers that can deliver real-world results... "Qubits are tremendously fragile," Intel wrote in October. "Any noise or unintended observation of them can cause data loss. This fragility requires them to operate at about 20 millikelvin -- 250 times colder than deep space." This is also why we won't be seeing quantum computers in anyone's house at any point."
Krzanich also thanked the industry for "coming together" to address the Meltdown and Spectre vulnerabilities. "The collaboration among so many companies to address this industry-wide issue across several different processor architectures has been truly remarkable."
Intel

Researcher Finds Another Security Flaw In Intel Management Firmware (arstechnica.com) 87

An anonymous reader quotes a report from Ars Technica: Meltdown and Spectre are not the only security problems Intel is facing these days. Today, researchers at F-Secure have revealed another weakness in Intel's management firmware that could allow an attacker with brief physical access to PCs to gain persistent remote access to the system, thanks to weak security in Intel's Active Management Technology (AMT) firmware -- remote "out of band" device management technology installed on 100 million systems over the last decade, according to Intel. [T]he latest vulnerability -- discovered in July of 2017 by F-Secure security consultant Harry Sintonen and revealed by the company today in a blog post -- is more of a feature than a bug. Notebook and desktop PCs with Intel AMT can be compromised in moments by someone with physical access to the computer -- even bypassing BIOS passwords, Trusted Platform Module personal identification numbers, and Bitlocker disk encryption passwords -- by rebooting the computer, entering its BIOS boot menu, and selecting configuration for Intel's Management Engine BIOS Extension (MEBx).

If MEBx hasn't been configured by the user or by their organization's IT department, the attacker can log into the configuration settings using Intel's default password of "admin." The attacker can then change the password, enable remote access, and set the firmware to not give the computer's user an "opt-in" message at boot time. "Now the attacker can gain access to the system remotely," F-Secure's release noted, "as long as they're able to insert themselves onto the same network segment with the victim (enabling wireless access requires a few extra steps)."

Bug

Intel's Chip Bug Fixes Have Bugs of Their Own (bleepingcomputer.com) 59

From a report: Intel said late Thursday it is investigating an issue with Broadwell and Haswell CPUs after customers reported higher system reboot rates when they installed firmware updates for fixing the Spectre flaw. The hardware vendor said these systems are both home computers and data center servers. "We are working quickly with these customers to understand, diagnose and address this reboot issue," said Navin Shenoy, executive vice president and general manager of the Data Center Group at Intel Corporation. "If this requires a revised firmware update from Intel, we will distribute that update through the normal channels. We are also working directly with data center customers to discuss the issue," Shenoy added. The Intel exec said users shouldn't feel discouraged by these snags and continue to install updates from OS makers and OEMs.
AMD

AMD Is Releasing Spectre Firmware Updates To Fix CPU Vulnerabilities (theverge.com) 74

An anonymous reader quotes a report from The Verge: AMD's initial response to the Meltdown and Spectre CPU flaws made it clear "there is a near zero risk to AMD processors." That zero risk doesn't mean zero impact, as we're starting to discover today. "We have defined additional steps through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat," says Mark Papermaster, AMD's chief technology officer. AMD is making firmware updates available for Ryzen and EPYC owners this week, and the company is planning to update older processors "over the coming weeks." Like Intel, these firmware updates will be provided to PC makers, and it will be up to suppliers to ensure customers receive these. AMD isn't saying whether there will be any performance impacts from applying these firmware updates, nor whether servers using EPYC processors will be greatly impacted or not. AMD is also revealing that its Radeon GPU architecture isn't impacted by Meltdown or Spectre, simply because those GPUs "do not use speculative execution and thus are not susceptible to these threats." AMD says it plans to issue further statements as it continues to develop security updates for its processors.
Intel

Intel Says Chip-Security Fixes Leave PCs No More Than 10% Slower (axios.com) 276

Intel trying to defuse concern that fixes to widespread chip security vulnerabilities will slow computers, released test results late Wednesday showing that personal computers won't be affected much and promised more information on servers. From a report: The chipmaker published a table of data showing that older processors handled typical tasks 10 percent slower at most, after being updated with security patches. The information covered three generations of processors, going back to 2015, running Microsoft's Windows 10 and Windows 7 computer operating systems. Further reporting: Intel, Microsoft offer differing views on impact of chip flaw
Power

Power Outage Brings CES To a Standstill For Nearly 2 Hours (cnet.com) 58

A major power outage brought a major portion of the Consumer Electronics Show in the Las Vegas Center to a standstill for nearly 2 hours today. The lights went out at around 11:13 a.m. PT, just as the second day of CES 2018 was ramping up, and didn't turn back on until around 12:34 p.m. PT. CNET reports: It came a day after more than an inch of rain fell in Las Vegas, which caused flash flooding in the desert city. (Wednesday's weather is clear and warm, and it's unclear if the power outage was at all related.) The first reports of the blackout came from the convention center's Central Hall, which houses the giant booths for show mainstays including Sony, Samsung, LG and Intel -- though Samsung's booth still had limited electricity thanks to its own private backup power. By noon, security guards were refusing entry to parts of the Convention Center. The website of Nevada Energy, the power provider, listed the cause of the problem as "customer-owned electrical equipment."
Microsoft

Microsoft Details Performance Impact of Spectre and Meltdown Mitigations on Windows Systems (microsoft.com) 237

Microsoft's Windows chief Terry Myerson on Tuesday outlined how Spectre and Meltdown firmware updates may affect PC performance. From a blog post: With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don't expect most users to notice a change because these percentages are reflected in milliseconds.

With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance. With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.

Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

For context, on newer CPUs such as on Skylake and beyond, Intel has refined the instructions used to disable branch speculation to be more specific to indirect branches, reducing the overall performance penalty of the Spectre mitigation. Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel.

AMD

Intel Launches 8th Gen Core Series CPUs With Integrated AMD Radeon Graphics (hothardware.com) 123

MojoKid writes: At CES 2018, Intel unveiled more details of its 8th generation Intel Core processors with integrated AMD Radeon RX Vega M graphics. Like cats and dogs living together, the mashup of an Intel processor with an AMD GPU is made possible by an Embedded Multi-Die Interconnect Bridge (EMIB), which provides a high-speed data interconnect between the processor, GPU and 4GB of second-generation High-Bandwidth Memory (HBM2). Intel is delivering 8th generation H-Series Core processors in 65W TDP (laptops) and 100W TDP (desktops) SKUs that will take up 50 percent less PCB real estate, versus traditional discrete configs. Both the mobile and desktop variants of the processors will be available in Core i5 or Core i7 configurations, with 4 cores and 8 threads, up to 8MB of cache and 4GB of HBM2. The 65W mobile processors can boost up to 4.1GHz, while the Radeon RX Vega M GL GPU has base/boost clocks of 931MHz and 1011MHz, respectively. The AMD GPU has 20 compute units and memory bandwidth checks in at 179GB/s. Desktop processors ratchet the maximum boost slightly to 4.2GHz, while the base/boost clocks of the Radeon RX Vega M GH GPU jump to 1063MHz and 1190MHz, respectively. Desktop GPUs are also upgraded with 24 CUs and 204GB/s of memory bandwidth. Intel says that its 8th generation Core i7 with Radeon RX Vega M GL graphics is up to 1.4x faster than a Core i7-8550U with an NVIDIA GeForce GTX 1050 GPU in a notebook system. System announcements from Dell and HP are forthcoming, with availability in the first half of this year. Intel has also launched a new NUC small form factor gaming mini PC based on the technology as well.
IOS

Apple Updates macOS and iOS To Address Spectre Vulnerability (engadget.com) 67

Days after Apple disclosed how it would be dealing with the Meltdown bug that affects modern computers, it's pushed out fixes for the Spectre exploit as well. From a report: iOS 11.2.2 includes "Security improvements to Safari and WebKit to mitigate the effects of Spectre," the company writes on its support page, while the macOS High Sierra 10.13.2 Supplemental Update does the same for your Mac laptop or desktop. Installing this update on your Mac will also update Safari to version 11.0.2.
AI

Alexa is Coming To Windows 10 PCs From HP, ASUS and Others (engadget.com) 99

An anonymous reader shares a report: Amazon's Alexa recently arrived on headphones and even toilets, but it's about to become much more ubiquitous by hitting Windows 10 PCs later this year. HP, ASUS and Acer have revealed that the voice assistant is coming to various models, including ASUS's ZenBook and VivoBook lineup, the HP Pavilion Wave, and select Acer Spin, Swift, Switch and Aspire notebooks. Amazon will release a special Alexa app in the spring, and laptop builders are tapping Intel's Smart Sound tech to make sure that the app can pick up your voice when you're not right next to your PC. "Hands-free access to Alexa on PCs can be helpful to customers in many ways, like making it simple to interact with your smart home, get news or weather, set timers, and more," Amazon Alexa VP Steve Rabuchin said in a statement.
Google

OpenBSD's De Raadt Pans 'Incredibly Bad' Disclsoure of Intel CPU Bug (itwire.com) 366

troublemaker_23 quotes ITWire: Disclosure of the Meltdown and Spectre vulnerabilities, which affect mainly Intel CPUs, was handled "in an incredibly bad way" by both Intel and Google, the leader of the OpenBSD project Theo de Raadt claims. "Only Tier-1 companies received advance information, and that is not responsible disclosure -- it is selective disclosure," De Raadt told iTWire in response to queries. "Everyone below Tier-1 has just gotten screwed."
In the interview de Raadt also faults intel for moving too fast in an attempt to beat their competition. "There are papers about the risky side-effects of speculative loads -- people knew... Intel engineers attended the same conferences as other company engineers, and read the same papers about performance enhancing strategies -- so it is hard to believe they ignored the risky aspects. I bet they were instructed to ignore the risk."

He points out this will make it more difficult to develop kernel software, since "Suddenly the trickiest parts of a kernel need to do backflips to cope with problems deep in the micro-architecture." And he also complains that Intel "has been exceedingly clever to mix Meltdown (speculative loads) with a separate issue (Spectre). This is pulling the wool over the public's eyes..."

"It is a scandal, and I want repaired processors for free."
Linux

Can You Install Linux On a 1993 PC? (yeokhengmeng.com) 252

The oldest x86 CPU that the Linux kernel supports today is theoretically the 486. However is this theory actually true in practice? I decided to put this theory to the test in my project.
His site describes installing Gentoo Linux on an "ancient" IBM PS/1 Consultant 2133 19C (released in 1993), with 64MB SIMM-72 RAM. (Though to speed things up, he compiled that minimal version of Gentoo on a modern Thinkpad T430 released in 2012.) "Due to the age of the PC, the BIOS only supports booting from the floppy drive or internal HDD," so there was also some disk partitioning and kernel configuration. ("Must disable 64-bit kernel for obvious reasons!") A half-hour video shows that it takes almost 11 minutes just to boot up -- and five and a half minutes to shut down. "Despite the many roadblocks I faced, I was impressed by the level of support Linux has for ancient hardware like this."

And there's one more added bonus. "Given the age of the 486 (1989 technology), it does not support branch prediction... Ironically this makes it safe from the Meltdown and Spectre attacks."
Bug

After Intel ME, Researchers Find Security Bug In AMD's SPS Secret Chip-on-Chip (bleepingcomputer.com) 76

An anonymous reader writes: AMD has fixed, but not yet released BIOS/UEFI/firmware updates for the general public for a security flaw affecting the AMD Secure Processor. This component, formerly known as AMD PSP (Platform Security Processor), is a chip-on-chip security system, similar to Intel's much-hated Management Engine (ME). Just like Intel ME, the AMD Secure Processor is an integrated coprocessor that sits next to the real AMD64 x86 CPU cores and runs a separate operating system tasked with handling various security-related operations.

The security bug is a buffer overflow that allows code execution inside the AMD SPS TPM, the component that stores critical system data such as passwords, certificates, and encryption keys, in a secure environment and outside of the more easily accessible AMD cores. Intel fixed a similar flaw last year in the Intel ME.

Intel

Can We Replace Intel x86 With an Open Source Chip? (zdnet.com) 358

An anonymous reader quotes, Jason Perlow, the senior technology editor at ZDNet: Perhaps the Meltdown and Spectre bugs are the impetus for making long-overdue changes to the core DNA of the semiconductor industry and how chip architectures are designed... Linux (and other related FOSS tech that forms the overall stack) is now a mainstream operating system that forms the basis of public cloud infrastructure and the foundational software technology in mobile and Internet of Things (IoT)... We need to develop a modern equivalent of an OpenSPARC that any processor foundry can build upon without licensing of IP, in order to drive down the costs of building microprocessors at immense scale for the cloud, for mobile and the IoT. It makes the $200 smartphone as well as hyperscale datacenter lifecycle management that much more viable and cost-effective.

Just as Linux and open source transformed how we view operating systems and application software, we need the equivalent for microprocessors in order to move out of the private datacenter rife with these legacy issues and into the green field of the cloud... The fact that we have these software technologies that now enable us to easily abstract from the chip hardware enables us to correct and improve the chips through community efforts as needs arise... We need to stop thinking about microprocessor systems' architectures as these licensed things that are developed in secrecy by mega-companies like Intel or AMD or even ARM... The reality is that we now need to create something new, free from any legacy entities and baggage that has been driving the industry and dragging it down the past 40 years. Just as was done with Linux.

The bigger question is which chip should take its place. "I don't see ARM donating its IP to this effort, and I think OpenSPARC may not be it either. Perhaps IBM OpenPOWER? It would certainly be a nice gesture of Big Blue to open their specification up further without any additional licensing, and it would help to maintain and establish the company's relevancy in the cloud going forward.

"RISC-V, which is being developed by UC Berkeley, is completely Open Source."
Intel

Linus Torvalds Says Intel Needs To Admit It Has Issues With CPUs (itwire.com) 271

troublemaker_23 shares an article from ITWire: Linux creator Linus Torvalds has had some harsh words for Intel in the course of a discussion about patches for two bugs that were found to affect most of the company's processors... Torvalds was clearly unimpressed by Intel's bid to play down the crisis through its media statements, saying: "I think somebody inside of Intel needs to really take a long hard look at their CPUs, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed... Or is Intel basically saying 'we are committed to selling you shit forever and ever, and never fixing anything'?" he asked. "Because if that's the case, maybe we should start looking towards the ARM64 people more."
Elsewhere Linus told ZDNet that "there's no one number" for the performance drop users will experience after patches. "It will depend on your hardware and on your load. I think 5 percent for a load with a noticeable kernel component (e.g. a database) is roughly in the right ballpark. But if you do micro-benchmarks that really try to stress it, you might see double-digit performance degradation. A number of loads will spend almost all their time in user space, and not see much of an impact at all."
Intel

Intel Hit With Three Class-Action Lawsuits Over Meltdown and Spectre Bugs (theguardian.com) 220

An anonymous reader quotes a report from The Guardian: Intel has been hit with at least three class-action lawsuits over the major processor vulnerabilities revealed this week. Three separate class-action lawsuits have been filed by plaintiffs in California, Oregon and Indiana seeking compensation, with more expected. All three cite the security vulnerability and Intel's delay in public disclosure from when it was first notified by researchers of the flaws in June. Intel said in a statement it "can confirm it is aware of the class actions but as these proceedings are ongoing, it would be inappropriate to comment." The plaintiffs also cite the alleged computer slowdown that will be caused by the fixes needed to address the security concerns, which Intel disputes is a major factor. "Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time," Intel said in an earlier statement.
Intel

Nope, No Intel Chip Recall After Spectre and Meltdown, CEO Says (cnet.com) 372

Hoping the Meltdown and Spectre security problems might mean Intel would be buying you a shiny new computer after a chip recall? Sorry, that's not on the cards. From a report: Intel famously paid hundreds of millions of dollars to recall its Pentium processors after the 1994 discovery of the "FDIV bug" that revealed rare but real calculation errors. But Intel CEO Brian Krzanich said the new problems are much more easily fixed -- and indeed are already well on their way to being fixed, at least in the case of Intel-powered PCs and servers. "This is very very different from FDIV," Krzanich said, criticizing media coverage of Meltdown and Spectre as overblown. "This is not an issue that is not fixable... we're seeing now the first iterations of patches." On Thursday, Intel said it was aiming to fix 90 percent of all Intel products that have been introduced within the past year by end of next week. CNET asked if the company was looking at older Intel processors? From the report: "We're working with [computer makers] to determine which ones to prioritize based on what they see as systems in the field," an executive at the company said. Intel also is fixing the problem in future chips, starting with products that will arrive later this year. Intel is effectively taking the software fixes being released now and building them directly into hardware, he said.
Intel

When F00F Bug Hit 20 Years Ago, Intel Reacted the Same Way (itwire.com) 141

troublemaker_23 writes: A little more than 20 years ago, Intel faced a problem with its processors, though it was not as big an issue as compared to the speculative execution bugs that were revealed this week. The 1997 bug, which came to be known as the F00F bug, allowed a malicious person to freeze up Pentium MMX and "classic" Pentium computers. Any Intel Pentium/Pentium MMX could be remotely and anonymously caused to hang, merely by sending it the byte sequence "F0 0F C7 C8". At the time, Intel said it learnt about the bug on 7 November 1997, but a report said that at least two people had indicated on an Intel newsgroup that the company knew about it earlier before. The processor firm confirmed the existence on 10 November. But, says veteran Linux sysadmin Rick Moen, the company's reaction to that bug was quite similar to the way it has reacted to this week's disclosures.

"Intel has a long history of trying to dissemble and misdirect their way out of paying for grave CPU flaws," Moen said in a post to Linux Users of Victoria mailing list. "Remember the 'Pentium Processor Invalid Instruction Erratum' of 1997, exposing all Intel Pentium and Pentium MMX CPUs to remote security attack, stopping them in their tracks if they could be induced to run processory instruction 'F0 0F C7 C8'? "No, of course you don't. That's why Intel gave it the mind-numbingly boring official name 'Pentium Processor Invalid Instruction Erratum', hoping to replace its popular names 'F00F bug' and 'Halt-and-Catch Fire bug'."

Slashdot Top Deals