Slashdot Mirror

Intel announced Tuesday afternoon that it will no longer be working on 5G chips for smartphones, leaving Apple with only one supplier for its iPhones, Qualcomm -- the same company that it was battling in court until midday Tuesday. CNET reports: Intel late Tuesday said it plans to exit the 5G smartphone modem business. It had been working on a processor for Apple, with the chip expected to be in iPhones in 2020. Lately there have been worries the chip wouldn't be ready until iPhones released in 2021. "The company will continue to meet current customer commitments for its existing 4G smartphone modem product line, but does not expect to launch 5G modem products in the smartphone space, including those originally planned for launches in 2020," Intel said in a press release. Its only customer in modems is Apple.

Intel added that it will "complete an assessment of the opportunities for 4G and 5G modems in PCs, internet of things devices and other data-centric devices." It also said it will "continue to invest in its 5G network infrastructure business." "We are very excited about the opportunity in 5G and the 'cloudification' of the network, but in the smartphone modem business it has become apparent that there is no clear path to profitability and positive returns," Intel CEO Bob Swan said in a statement. The announcement comes hours after Apple and Qualcomm announced that they had reached a settlement in their multi-year battling over licensing royalties.

Conservation nonprofit Resolve is using AI-equipped cameras to act as remote park rangers and help spot wildlife poachers before they kill endangered animals. "Today, Resolve announced a new custom-made device called TrailGuard AI, which uses Intel-made vision chips to identify animals and humans that wander into view," reports The Verge. "The cameras will be placed on access trails used by poachers, automatically alerting park rangers who can check up on any suspicious activity." From the report: TrailGuard AI builds on past work by Resolve to create remote cameras to aid conservation. However, early devices were bulky, had limited battery life, and were unsophisticated, sending images to rangers every time their motion sensors were tripped. This resulted in lots of false positives, as the cameras would be triggered by non-events, such as the wind shaking tree branches. The new device, by comparison, is no thicker than a human index finger, has a battery life of a year and a half, and can reliably identify humans, animals, and vehicles. The chip used by Resolve is Intel's Movidius Myriad 2 VPU (or vision processing unit), which is the same technology that powered Google's automatic Clips camera.

In an official statement Thursday, Intel called out Qualcomm for allegedly continuing to pursue its use of patent lawsuits and threatening lawsuits against its own customers and competitors even as multiple antitrust agencies have found Qualcomm to be violating competition laws with these tactics. From a report: The statement from Steven Rodgers, Intel EVP and general counsel, said that despite Qualcomm being fined by multiple governments around the world over its abuse of patents against other companies, the company continues the same aggressive legal strategy against its partners and competitors. This, Intel said, will only lead to higher prices for consumers and less innovation.

According to Intel, Qualcomm's goal is not to vindicate its IP rights, but to drive competition out of the market completely. Intel pointed out that Qualcomm has been fined almost a billion dollars in China, $850 million in Korea, $1.2 billion in the European Union and $773 million in Taiwan over the company's anti-competitive practices. Intel also encouraged everyone to pay attention to FTC's lawsuit against Qualcomm in the United States. The FTC will begin its opening arguments in court on January 4. Intel, who is a competitor of Qualcomm in the wireless modem space, said that it hopes the actions taken by global authorities against Qualcomm will preserve competition in the 5G market.

A team of nine academics has revealed today seven new CPU attacks. The seven impact AMD, ARM, and Intel CPUs to various degrees. From a report: Two of the seven new attacks are variations of the Meltdown attack, while the other five are variations on the original Spectre attack -- two well-known attacks that have been revealed at the start of the year and found to impact CPUs models going back to 1995. Researchers say they've discovered the seven new CPU attacks while performing "a sound and extensible systematization of transient execution attacks" -- a catch-all term the research team used to describe attacks on the various internal mechanisms that a CPU uses to process data, such as the speculative execution process, the CPU's internal caches, and other internal execution stages. The research team says they've successfully demonstrated all seven attacks with proof-of-concept code. Experiments to confirm six other Meltdown-attacks did not succeed, according to a graph published by researchers. Update: In a statement to Slashdot, an Intel spokesperson said, "the vulnerabilities documented in this paper can be fully addressed by applying existing mitigation techniques for Spectre and Meltdown, including those previously documented here, and elsewhere by other chipmakers. Protecting customers continues to be a critical priority for us and we are thankful to the teams at Graz University of Technology, imec-DistriNet, KU Leuven, & the College of William and Mary for their ongoing research."

Long-time Slashdot reader Bruce Perens writes: The Register reports that Debian is rejecting a new Intel microcode update because of a new license term prohibiting the use of the CPU for benchmarks and profiling.

There is a new license term applied to the new microcode: "You will not, and will not allow any third party to (i) use, copy, distribute, sell or offer to sell the Software or associated documentation; (ii) modify, adapt, enhance, disassemble, decompile, reverse engineer, change or create derivative works from the Software except and only to the extent as specifically required by mandatory applicable laws or any applicable third party license terms accompanying the Software; (iii) use or make the Software available for the use or benefit of third parties; or (iv) use the Software on Your products other than those that include the Intel hardware product(s), platform(s), or software identified in the Software; or (v) publish or provide any Software benchmark or comparison test results." UPDATE:: Intel has reworked the license to no longer prohibit benchmarking. Imad Sousou, corporate VP and general manager of Intel Open Source Technology Center, tweeted on Thursday: "We have simplified the Intel license to make it easier to distribute CPU microcode updates and posted the new version here. As an active member of the open source community, we continue to welcome all feedback and thank the community."
The security fixes are known to significantly slow down Intel processors, which won't just disappoint customers and reduce the public regard of Intel, it will probably lead to lawsuits (if it hasn't already). Suddenly having processors that are perhaps 5% to 10% slower, if they are to be secure, is a significant damage to many companies that run server farms or provide cloud services. I'm not blaming Intel for this, I don't know if Intel could have foreseen the problem. Since some similar exploits have been discovered for AMD and ARM CPUs, the answer could be "no." But certainly customers are upset.

Another issue is whether the customer should install the fix at all. Many computer users don't allow outside or unprivileged users to run on their CPUs the way a cloud or hosting company does. For them, these side-channel and timing attacks are mostly irrelevant, and the slowdown incurred by installing the fix is unnecessary.

So, lots of people are interested in the speed penalty incurred in the microcode fixes, and Intel has now attempted to gag anyone who would collect information for reporting about those penalties, through a restriction in their license. Bad move. The correct way to handle security problems is to own up to the damage, publish mitigations, and make it possible for your customers to get along. Hiding how they are damaged is unacceptable. Silencing free speech by those who would merely publish benchmarks? Bad business. Customers can't trust your components when you do that.

Intel on Tuesday disclosed three more possible flaws in some of its microprocessors that can be exploited to gain access to certain data from computer memory. From a report: Its commonly used Core and Xeon processors were among the products that were affected, the company said. "We are not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices," the company said in a blog post. Intel also released updates to address the issue and said new updates coupled those released earlier in the year will reduce the risk for users, including personal computer clients and data centres. In January, the company came under scrutiny after security researchers disclosed flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel, Advanced Micro Devices and ARM.

The OpenBSD project announced today plans to disable support for Intel CPU hyper-threading due to security concerns regarding the theoretical threat of more "Spectre-class bugs." Bleeping Computer reports: Hyper-threading (HT) is Intel's proprietary implementation of Simultaneous Multithreading (SMT), a technology that allows processors to run parallel operations on different cores of the same multi-core CPU. The feature has been added to all Intel CPUs released since 2002 and has come enabled by default, with Intel citing its performance boost as the main reason for its inclusion.

But today, Mark Kettenis of the OpenBSD project, said the OpenBSD team was removing support for Intel HT because, by design, this technology just opens the door for more timing attacks. Timing attacks are a class of cryptographic attacks through which a third-party observer can deduce the content of encrypted data by recording and analyzing the time taken to execute cryptographic algorithms. The OpenBSD team is now stepping in to provide a new setting to disable HT support because "many modern machines no longer provide the ability to disable hyper-threading in the BIOS setup."

Steven J. Vaughan-Nichols, writing for ZDNet: The latest Intel revelation, Lazy FP state restore, can theoretically pull data from your programs, including encryption software, from your computer regardless of your operating system. Like its forebears, this is a speculative execution vulnerability. In an interview, Red Hat Computer Architect Jon Masters explained: "It affects Intel designs similar to variant 3-a of the previous stuff, but it's NOT Meltdown." Still, "it allows the floating point registers to be leaked from another process, but alas that means the same registers as used for crypto, etc." Lazy State does not affect AMD processors.

This vulnerability exists because modern CPUs include many registers (internal memory) that represent the state of each running application. Saving and restoring this state when switching from one application to another takes time. As a performance optimization, this may be done "lazily" (i.e., when needed) and that is where the problem hides. This vulnerability exploits "lazy state restore" by allowing an attacker to obtain information about the activity of other applications, including encryption operations. Further reading: Twitter thread by security researcher Colin Percival, BleepingComputer, and HotHardware.

An anonymous reader quotes a report from The Verge: Microsoft and Google are jointly disclosing a new CPU security vulnerability that's similar to the Meltdown and Spectre flaws that were revealed earlier this year. Labelled Speculative Store Bypass (variant 4), the latest vulnerability is a similar exploit to Spectre and exploits speculative execution that modern CPUs use. Browsers like Safari, Edge, and Chrome were all patched for Meltdown earlier this year, and Intel says "these mitigations are also applicable to variant 4 and available for consumers to use today." However, unlike Meltdown (and more similar to Spectre) this new vulnerability will also include firmware updates for CPUs that could affect performance. Intel has already delivered microcode updates for Speculative Store Bypass in beta form to OEMs, and the company expects them to be more broadly available in the coming weeks. The firmware updates will set the Speculative Store Bypass protection to off-by-default, ensuring that most people won't see negative performance impacts.

"If enabled, we've observed a performance impact of approximately 2-8 percent based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate on client 1 and server 2 test systems," explains Leslie Culbertson, Intel's security chief. As a result, end users (and particularly system administrators) will have to pick between security or optimal performance. The choice, like previous variants of Spectre, will come down to individual systems and servers, and the fact that this new variant appears to be less of a risk than the CPU flaws that were discovered earlier this year.

An anonymous reader writes: Intel released an update to the Meltdown and Spectre mitigation guide, revealing that it stopped working on mitigations for some processor series. The Meltdown and Spectre mitigation guide is a PDF document that Intel published in February. The file contains information on the status of microcode updates for each of Intel's CPU models released in the past years. Intel has constantly updated the document in the past weeks with new information about processor series and the microcode firmware version number that includes patches for the Meltdown and Spectre flaws.

An update published on Monday includes for the first time a "Stopped" production status. Intel says that processors with a "Stopped" status will not receive microcode updates. The reasons basically vary from "redesigning the CPU micro-architecture is impossible or not worth the effort" to "it's an old CPU" and "customers said they don't need it." The following Intel processor products received a "Stopped" status marker: Bloomfield, Bloomfield Xeon, Clarksfield, Gulftown, Harpertown Xeon C0, Harpertown Xeon E0, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale C0, Wolfdale M0, Wolfdale E0, Wolfdale R0, Wolfdale Xeon C0, Wolfdale Xeon E0, Yorkfield, and Yorkfield Xeon.

An anonymous reader quotes BleepingComputer: Microsoft has issued on Saturday an emergency out-of-band Windows update that disables patches for the Spectre Variant 2 bug (CVE-2017-5715). The update -- KB4078130 -- targets Windows 7 (SP1), Windows 8.1, all versions of Windows 10, and all supported Windows Server distributions. Microsoft shipped mitigations for the Meltdown and Spectre bugs on January 3. The company said it decided to disable mitigations for the Spectre Variant 2 bug after Intel publicly admitted that the microcode updates it developed for this bug caused "higher than expected reboots and other unpredictable system behavior" that led to "data loss or corruption."

HP, Dell, and Red Hat took previous steps during the past week.
"We are also offering a new option -- available for advanced users on impacted devices -- to manually disable and enable the mitigation against Spectre Variant 2 (CVE 2017-5715) independently via registry setting changes..." Microsoft writes.

"We recommend Windows customers, when appropriate, reenable the mitigation against CVE-2017-5715 when Intel reports that this unpredictable system behavior has been resolved for your device. "

Intel executive vice president Neil Shenoy said on Monday that the chip-maker has identified the source of some of the recent problems, so it is now recommended that users skip the available patches. From the blog post: We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior.

An anonymous reader writes: AMD has fixed, but not yet released BIOS/UEFI/firmware updates for the general public for a security flaw affecting the AMD Secure Processor. This component, formerly known as AMD PSP (Platform Security Processor), is a chip-on-chip security system, similar to Intel's much-hated Management Engine (ME). Just like Intel ME, the AMD Secure Processor is an integrated coprocessor that sits next to the real AMD64 x86 CPU cores and runs a separate operating system tasked with handling various security-related operations.

The security bug is a buffer overflow that allows code execution inside the AMD SPS TPM, the component that stores critical system data such as passwords, certificates, and encryption keys, in a secure environment and outside of the more easily accessible AMD cores. Intel fixed a similar flaw last year in the Intel ME.

An anonymous reader quotes a report from The Guardian: Intel has been hit with at least three class-action lawsuits over the major processor vulnerabilities revealed this week. Three separate class-action lawsuits have been filed by plaintiffs in California, Oregon and Indiana seeking compensation, with more expected. All three cite the security vulnerability and Intel's delay in public disclosure from when it was first notified by researchers of the flaws in June. Intel said in a statement it "can confirm it is aware of the class actions but as these proceedings are ongoing, it would be inappropriate to comment." The plaintiffs also cite the alleged computer slowdown that will be caused by the fixes needed to address the security concerns, which Intel disputes is a major factor. "Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time," Intel said in an earlier statement.

Intel said on Thursday that by next week it expects to have patched 90 percent of its processors that it released within the last five years, making PCs and servers "immune" from both the Spectre and Meltdown exploits. The company adds: Intel has already issued updates for the majority of processor products introduced within the past five years. By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years. In addition, many operating system vendors, public cloud service providers, device manufacturers and others have indicated that they have already updated their products and services.

Intel continues to believe that the performance impact of these updates is highly workload-dependent and, for the average computer user, should not be significant and will be mitigated over time. While on some discrete workloads the performance impact from the software updates may initially be higher, additional post-deployment identification, testing and improvement of the software updates should mitigate that impact. System updates are made available by system manufacturers, operating system providers and others.

An anonymous reader quotes a report from Hot Hardware: The tech blogosphere lit up yesterday afternoon after reports of a critical bug in modern Intel processors has the potential to seriously impact systems running Windows, Linux and macOS. The alleged bug is so severe that it cannot be corrected with a microcode update, and instead, OS manufacturers are being forced to address the issue with software updates, which in some instances requires a redesign of the kernel software. Some early performance benchmarks have even suggested that patches to fix the bug could result in a performance hit of as much as 30 percent. Since reports on the issues of exploded over the past 24 hours, Intel is looking to cut through the noise and tell its side of the story. The details of the exploit and software/firmware updates to address the matter at hand were scheduled to go live next week. However, Intel says that it is speaking out early to combat "inaccurate media reports."

Intel acknowledges that the exploit has "the potential to improperly gather sensitive data from computing devices that are operating as designed." The company further goes on state that "these exploits do not have the potential to corrupt, modify or delete data." The company goes on to state that the "average computer user" will be negligibly affected by any software fixes, and that any negative performance outcomes "will be mitigated over time." In a classic case of trying to point fingers at everyone else, Intel says that "many different vendors' processors" are vulnerable to these exploits. You can read the full statement here.

An anonymous reader quotes a report from Engadget: Paul Otellini, Intel's previous CEO, died in his sleep on Monday, the company announced this morning. He was 66. Otellini served as Intel's fifth chief executive from 2005 through 2013, and leaves behind a legacy of the company's dominance in x86 processors. Notably, he also worked with Apple as it moved away from PowerPC chips and adopted Intel's wares. After retiring in 2013, Otellini revealed one major regret during his tenure: not working hard enough to get Intel's chips in the iPhone. Consequently, Intel mostly missed on the smartphone revolution.

Otellini joined Intel in 1974 and served various roles throughout his career, including chief operating officer from 2003 to 2005. He would go on to spend almost 40 years at the company. He was an intriguing choice as CEO, since he was the company's first non-engineer to hold that role.

Intel has confirmed the existence of a new processor family called Ice Lake that will be made on Intel's 10nm+ process. The company published basic information on the Ice Lake architecture on their codename decoder. AnandTech reports: This is an unexpected development as the company has yet to formally detail (let alone launch) the first 10nm Core architecture -- Cannon Lake -- and it's rare these days for Intel to talk more than a generation ahead in CPU architectures. Equally as interesting is the fact that Intel is calling Ice Lake the successor to their upcoming 8th generation Coffee Lake processors, which codename bingo aside, throws some confusion on where the 14nm Coffee Lake and 10nm Cannon Lake will eventually stand. As a refresher, the last few generations of Core have been Sandy Bridge, Ivy Bridge, Broadwell, Haswell, Skylake, with Kaby Lake being the latest and was recently released at the top of the year. Kaby Lake is Intel's third Core product produced using a 14nm lithography process, specifically the second-generation '14 PLUS' (or 14+) version of Intel's 14nm process.

Working purely on lithographic nomenclature, Intel has three processes on 14nm: 14, 14+, and 14++. As shown to everyone at Intel's Technology Manufacturing Day a couple of months ago, these will be followed by a trio of 10nm processes: 10nm, 10nm+ (10+), and 10++. On the desktop, Core processors will go from 14 to 14+ to 14++, such that we move from Skylake to Kaby Lake to Coffee Lake. On the Laptop side, this goes from 14 to 14+ to 14++/10, such that we move from Skylake to Kaby Lake to Coffee Lake like the desktops, but also that at some time during the Coffee Lake generation, Cannon Lake will also be launched for laptops. The next node for both after this is 10+, which will be helmed by the Ice Lake architecture.

Intel has jumped into the fray surrounding the Apple-Qualcomm patent spat by accusing the world's biggest maker of mobile phone chips of trying to use the courts to snuff out competition. From a report: The chip giant made the allegation late Thursday in a public statement (PDF) to US International Trade Commission. The commission had requested the statement as part of its investigation into Qualcomm's accusation that Apple's iPhones of infringe six of Qualcomm's mobile patents. Specifically, Intel said, the case is about quashing competition from Intel, which described itself as "Qualcomm's only remaining competitor" in the market for chips for cellular phones. "Qualcomm did not initiate this investigation to stop the alleged infringement of its patent rights; rather, its complaint is a transparent effort to stave off lawful competition from Qualcomm's only remaining rival," Intel said in its statement. "This twisted use of the Commission's process is just the latest in a long line of anticompetitive strategies that Qualcomm has used to quash incipient and potential competitors and avoid competition on the merits."

Intel is discontinuing its Galileo, Joule, and Edison lineups of development boards. The chip-maker quietly made the announcement last week. From company's announcement: Intel Corporation will discontinue manufacturing and selling all skus of the Intel Galileo development board. Shipment of all Intel Galileo product skus ordered before the last order date will continue to be available from Intel until December 16, 2017. [...] Intel will discontinue manufacturing and selling all skus of the Intel Joule Compute Modules and Developer Kits (known as Intel 500 Series compute modules in People's Republic of China). Shipment of all Intel Joule products skus ordered before the last order date will continue to be available from Intel until December 16, 2017. Last time orders (LTO) for any Intel Joule products must be placed with Intel by September 16, 2017. [...] Intel will discontinue manufacturing and selling all skus of the Intel Edison compute modules and developer kits. Shipment of all Intel Edison product skus ordered before the last order date will continue to be available from Intel until December 16, 2017. Last time orders (LTO) for any Intel Edison products must be placed with Intel by September 16, 2017. All orders placed with Intel for Intel Edison products are non-cancelable and non-returnable after September 16, 2017. The company hasn't shared any explanation for why it is discontinuing the aforementioned development boards. Intel launched the Galileo, an Arduino-compatible mini computer in 2013, the Edison in 2014, and the Joule last year. The company touted the Joule as its "most powerful dev kit." You can find the announcement posts here.

An anonymous reader writes: Intel posted a long blog post yesterday touting the success and evolution of its 40-year-old x86 microprocessor -- the one that powered the first IBM personal computer in 1978 and still powers the majority of PCs and laptops. But it wasn't just a stroll down memory lane. Intel ended the post with a reminder that it won't tolerate infringement on its portfolio of patents, including those surrounding x86. The company wrote, "Intel invests enormous resources to advance its dynamic x86 ISA, and therefore Intel must protect these investments with a strong patent portfolio and other intellectual property rights. [...] Intel carefully protects its x86 innovations, and we do not widely license others to use them. Over the past 30 years, Intel has vigilantly enforced its intellectual property rights against infringement by third-party microprocessors. [...] Only time will tell if new attempts to emulate Intel's x86 ISA will meet a different fate. Intel welcomes lawful competition, and we are confident that Intel's microprocessors, which have been specifically optimized to implement Intel's x86 ISA for almost four decades, will deliver amazing experiences, consistency across applications, and a full breadth of consumer offerings, full manageability and IT integration for the enterprise. However, we do not welcome unlawful infringement of our patents, and we fully expect other companies to continue to respect Intel's intellectual property rights. Also read: Intel Fires Warning Shot At Qualcomm and Microsoft Over Windows 10 ARM Emulation.

Intel has released a new study that predicts a $7 trillion annual revenue stream from the emerging passenger economy. In the report, Intel says that the companies that don't prepare for self-driving risk failure or extinction. Additionally, the report finds that over a half a million lives could be saved by self-driving cars over just one decade. The Verge reports: The study, prepared by Strategy Analytics, predicts autonomous vehicles will create a massive economic opportunity that will scale from $800 billion in 2035 (the base year of the study) to $7 trillion by 2050. An estimated 585,000 lives could be saved due to autonomous vehicles between 2035 and 2045, the study predicts. This âoepassenger economy,â as Intel is calling it, includes the value of the products and services derived from fully autonomous vehicles as well as indirect savings such as time. Autonomous technology will drive change across a range of industries, the study predicts, the first green shoots of which will appear in the business-to-business sector. These autonomous vehicles will first appear in developed markets and will reinvent the package delivery and long-haul transportation sectors, says Strategy Analytics president Harvey Cohen, who co-authored the study. This will relieve driver shortages, a chronic problem in the industry, and account for two-thirds of initial projected revenues. One of the bolder predictions is that public transportation as we know it today â" trains, subways, light rails, and buses -- will be supplanted, or at least radically changed, by the rise of on-demand autonomous vehicle fleets. The study argues that people will flock to suburbs as population density rises in city centers, pushing commute times higher and âoeoutstripping the ability of public transport infrastructure to fully meet consumer mobility needs.â

Reader WheezyJoe writes: Four new 9700-series Itanium CPUs will be the last and final Itaniums Intel will ship. For those who might have forgotten, Itanium and its IA-64 architecture was intended to be Intel's successor to 32-bit i386 architecture back in the early 2000's. Developed in conjunction with HP, IA-64 used a new architecture developed at HP that, while capable as a server platform, was not backward-compatible with i386 and required emulation to run i386-compiled software. With the release of AMD's Opteron in 2003 featuring their alternative, fully backward-compatible X86-64 architecture, interest in Itanium fell, and Intel eventually adopted AMD's technology for its own chips and X86-64 is now dominant today. In spite of this, Itanium continued to be made and sold for the server market, supported in part by an agreement with HP. With that deal expiring this year, these new Itaniums will be Intel's last.

An anonymous reader quotes Ars Technica: A remote hijacking flaw that lurked in Intel chips for seven years was more severe than many people imagined, because it allowed hackers to remotely gain administrative control over huge fleets of computers without entering a password. This is according to technical analyses published Friday... AMT makes it possible to log into a computer and exercise the same control enjoyed by administrators with physical access [and] was set up to require a password before it could be remotely accessed over a Web browser interface. But, remarkably, that authentication mechanism can be bypassed by entering any text string -- or no text at all...

"Authentication still worked" even when the wrong hash was entered, Tenable Director of Reverse Engineering Carlos Perez wrote. "We had discovered a complete bypass of the authentication scheme." A separate technical analysis from Embedi, the security firm Intel credited with first disclosing the vulnerability, arrived at the same conclusion... Making matters worse, unauthorized accesses typically aren't logged by the PC because AMT has direct access to the computer's network hardware... The packets bypass the OS completely.
The article adds that Intel officials "said they expect PC makers to release a patch next week." And in the meantime? "Intel is urging customers to download and run this discovery tool to diagnose potentially vulnerable computers."

Saturday Ars Technica found more than 8,500 systems with an AMT interface exposed to the internet using the Shodan search engine -- over 2,000 in the United States -- adding that "many others may be accessible via organizational networks."

An anonymous reader quotes Ars Technica: A remote hijacking flaw that lurked in Intel chips for seven years was more severe than many people imagined, because it allowed hackers to remotely gain administrative control over huge fleets of computers without entering a password. This is according to technical analyses published Friday... AMT makes it possible to log into a computer and exercise the same control enjoyed by administrators with physical access [and] was set up to require a password before it could be remotely accessed over a Web browser interface. But, remarkably, that authentication mechanism can be bypassed by entering any text string -- or no text at all...

"Authentication still worked" even when the wrong hash was entered, Tenable Director of Reverse Engineering Carlos Perez wrote. "We had discovered a complete bypass of the authentication scheme." A separate technical analysis from Embedi, the security firm Intel credited with first disclosing the vulnerability, arrived at the same conclusion... Making matters worse, unauthorized accesses typically aren't logged by the PC because AMT has direct access to the computer's network hardware... The packets bypass the OS completely.
The article adds that Intel officials "said they expect PC makers to release a patch next week." And in the meantime? "Intel is urging customers to download and run this discovery tool to diagnose potentially vulnerable computers."

Saturday Ars Technica found more than 8,500 systems with an AMT interface exposed to the internet using the Shodan search engine -- over 2,000 in the United States -- adding that "many others may be accessible via organizational networks."

Chris Williams reports via The Register: Intel processor chipsets have, for roughly the past nine years, harbored a security flaw that can be exploited to remotely control and infect vulnerable systems with virtually undetectable spyware and other malicious code. Specifically, the bug is in Intel's Active Management Technology (AMT), Standard Manageability (ISM) and Small Business Technology (SBT) firmware versions 6 to 11.6. According to Chipzilla, the security hole allows "an unprivileged attacker to gain control of the manageability features provided by these products." That means hackers exploiting the flaw can silently snoop on a vulnerable machine's users, make changes to files and read them, install rootkits and other malware, and so on. This is possible across the network, or with local access. These management features have been available in various Intel chipsets for years, starting with the Nehalem Core i7 in 2008, all the way up to Kaby Lake Core parts in 2017. According to Intel today, this critical security vulnerability, labeled CVE-2017-5689, was found and reported in March by Maksim Malyutin at Embedi. To get the patch to close the hole, you'll have to pester your machine's manufacturer for a firmware update, or try the mitigations here. These updates are hoped to arrive within the next few weeks.

Chris Williams reports via The Register: Intel processor chipsets have, for roughly the past nine years, harbored a security flaw that can be exploited to remotely control and infect vulnerable systems with virtually undetectable spyware and other malicious code. Specifically, the bug is in Intel's Active Management Technology (AMT), Standard Manageability (ISM) and Small Business Technology (SBT) firmware versions 6 to 11.6. According to Chipzilla, the security hole allows "an unprivileged attacker to gain control of the manageability features provided by these products." That means hackers exploiting the flaw can silently snoop on a vulnerable machine's users, make changes to files and read them, install rootkits and other malware, and so on. This is possible across the network, or with local access. These management features have been available in various Intel chipsets for years, starting with the Nehalem Core i7 in 2008, all the way up to Kaby Lake Core parts in 2017. According to Intel today, this critical security vulnerability, labeled CVE-2017-5689, was found and reported in March by Maksim Malyutin at Embedi. To get the patch to close the hole, you'll have to pester your machine's manufacturer for a firmware update, or try the mitigations here. These updates are hoped to arrive within the next few weeks.

An anonymous reader quotes a report from Ars Technica: Intel mostly missed the boat on smartphones, but the company is trying to establish a firm foothold in the ever-broadening marketplace for connected appliances and other smart things. Intel's latest effort in this arena is its new "Compute Card," a small 94.5mm by 55mm by 5mm slab that includes a CPU and GPU, RAM, storage, and wireless connectivity. Intel hasn't given us specific information about the specs and speeds of its first Compute Cards, but you can expect the fastest ones to approach the performance of high-end fanless laptops like Apple's MacBooks. Intel told us that processors with a TDP of up to 6W could fit inside the Compute Cards, which covers both low-power Atom chips like those that powered early versions of Intel's Compute Stick to full Core M and Y-series Core i5 and i7 CPUs like the ones you find in laptops. Intel says that the card uses a variant of the USB-C port called "USB-C plus extension" to connect with the systems it's plugged into. That connector gives devices direct access to the USB and PCIe buses as well as HDMI and DisplayPort video outputs. The company considers the Compute Card to be a replacement of sorts for the Compute Stick, which Intel says will probably disappear from its roadmap in 2018 or so. The issue with the Compute Stick from Intel's perspective is that its input and output ports were unnecessarily limiting -- it could only connect to HDMI ports and could only accept a limited number of USB inputs. The Compute Card can be slid into a wider variety of enclosures that can use all kinds of ports and display interfaces, and Intel says the Card will also offer a large array of performance and storage options, unlike current Compute Sticks.

An anonymous reader quotes a report from Ars Technica: Intel mostly missed the boat on smartphones, but the company is trying to establish a firm foothold in the ever-broadening marketplace for connected appliances and other smart things. Intel's latest effort in this arena is its new "Compute Card," a small 94.5mm by 55mm by 5mm slab that includes a CPU and GPU, RAM, storage, and wireless connectivity. Intel hasn't given us specific information about the specs and speeds of its first Compute Cards, but you can expect the fastest ones to approach the performance of high-end fanless laptops like Apple's MacBooks. Intel told us that processors with a TDP of up to 6W could fit inside the Compute Cards, which covers both low-power Atom chips like those that powered early versions of Intel's Compute Stick to full Core M and Y-series Core i5 and i7 CPUs like the ones you find in laptops. Intel says that the card uses a variant of the USB-C port called "USB-C plus extension" to connect with the systems it's plugged into. That connector gives devices direct access to the USB and PCIe buses as well as HDMI and DisplayPort video outputs. The company considers the Compute Card to be a replacement of sorts for the Compute Stick, which Intel says will probably disappear from its roadmap in 2018 or so. The issue with the Compute Stick from Intel's perspective is that its input and output ports were unnecessarily limiting -- it could only connect to HDMI ports and could only accept a limited number of USB inputs. The Compute Card can be slid into a wider variety of enclosures that can use all kinds of ports and display interfaces, and Intel says the Card will also offer a large array of performance and storage options, unlike current Compute Sticks.

As the company looks to build its presence in automated driving technology, Intel announced on Tuesday it will acquire a 15 percent stake in German digital mapping firm HERE. Reuters reports: A filing to the German cartel office on Tuesday showed Intel has sought approval to buy a stake in the company, which is controlled by German carmakers Daimler, BMW and Volkswagen. Intel and HERE said in a statement that they had also signed an agreement to collaborate on the research and development of real-time updates of high definition (HD) maps for highly- and fully-automated driving. Intel did not disclose how much it would pay for the stake but said the transaction is expected to close in the first quarter. The deal highlights a shift in the dynamics of research and development in the car industry, which until recently saw automakers largely dictating terms for suppliers to manufacture their proprietary technologies at specified volumes and prices. Now carmakers are increasingly striking partnerships with technology firms using open technology standards, seeking to harness their expertise in areas including machine learning and mapping as they race against Silicon Valley companies such as Google, Tesla and Apple to develop driverless vehicles.

An anonymous reader writes: Chip maker Intel has entered an unlikely partnership with British semiconductor firm ARM in an effort to boost opportunities for its foundry business. The licensing agreement, which was confirmed at the Intel Development Forum in San Francisco, means that from 2017 Intel's Custom Foundry will manufacture ARM chips -- used by smartphone giants such as Apple, Qualcomm and Samsung. On the announcement of its latest earnings report, Intel was clear to highlight a shift in focus, away from the traditional PC market, to emerging areas such as the Internet of Things and mobile -- a sector dominated by one-time arch rival ARM. It seems that Intel has now decided to surrender to the latter's prominence in the field.

MojoKid writes: Intel CEO Bryan Krzanich took to the stage at the Moscone Center in San Francisco today to kick off this year's Intel Developers Forum. Kyrzanich unveiled a number of new projects and products including a product code-named "Project Alloy." The device is an un-tethered, merged reality Head Mounted Device (HMD) that combines compute, graphics, multiple RealSense modules, various sensors, and batteries into a self-contained headset that offers a full six degrees of freedom. Unlike the Oculus Rift and HTC Vive, Project Alloy does not need to be wired to a PC or other device and it does not require externally mounted sensors to define a virtual space. Instead, it uses RealSense cameras to map the actual physical world you're in while wearing the HMD. The RealSense cameras also allow the device to bring real-world objects into the virtual world, or vice versa. The cameras and sensors used in Project Alloy offer full depth sensing, so obstacles can be mapped, and people and objects within camera range -- like your hand, for example -- can be brought into the virtual world and accurately tracked. During a live, on-stage demo performed by Intel's Craig Raymond, Craig's hand was tracked and all five digits, complete with accurate bones and joint locations, were brought into the the VR/AR experience. Project Alloy will be supported by Microsoft's Windows Holographics Shell framework.

MojoKid writes: Intel CEO Bryan Krzanich took to the stage at the Moscone Center in San Francisco today to kick off this year's Intel Developers Forum. Kyrzanich unveiled a number of new projects and products including a product code-named "Project Alloy." The device is an un-tethered, merged reality Head Mounted Device (HMD) that combines compute, graphics, multiple RealSense modules, various sensors, and batteries into a self-contained headset that offers a full six degrees of freedom. Unlike the Oculus Rift and HTC Vive, Project Alloy does not need to be wired to a PC or other device and it does not require externally mounted sensors to define a virtual space. Instead, it uses RealSense cameras to map the actual physical world you're in while wearing the HMD. The RealSense cameras also allow the device to bring real-world objects into the virtual world, or vice versa. The cameras and sensors used in Project Alloy offer full depth sensing, so obstacles can be mapped, and people and objects within camera range -- like your hand, for example -- can be brought into the virtual world and accurately tracked. During a live, on-stage demo performed by Intel's Craig Raymond, Craig's hand was tracked and all five digits, complete with accurate bones and joint locations, were brought into the the VR/AR experience. Project Alloy will be supported by Microsoft's Windows Holographics Shell framework.

An anonymous Slashdot reader writes: "We just came from Oracle, then we go to HP, Google; we're going to do Tesla, Intel, eBay and Yahoo. And Apple, I forgot Apple..." says one San Francisco resident, describing a tour he's providing for his friend from Tokyo. In fact, Silicon Valley's iconic tech companies have discovered tourists are now dropping in on their headquarters. "It was nice to walk between the buildings, take some pictures and see the employees enjoy their lunch break," wrote one visitor to Google's campus, before complaining that Google hadn't also provided them with bathroom access. "We got told not to use the Google bikes as they are for employees only, which was a bit of a shame," another visitor complained.

"Hundreds of people a day visit the Facebook sign and Google's Android sculpture garden in Mountain View," reports the Bay Area Newsgroup, "with many stopping at other tech giants as well, snapping photos and shooting video..." In fact, Tesla, Apple, Facebook, and Google have all now installed stores where tourists can purchase branded merchandise. (Google sells figurines of their Android mascot for $15). "What you're seeing are people on a pilgrimage..." said Stanford communications professor Fred Turner. "Folks are looking for a physical place behind the kind of dematerialized experience that they have online."
Intel has its own museum, and the Los Altos garage where Steve Jobs started Apple has even been designated a historic site. Are there any other historic tech sites that should be preserved to inspire future generations of tourists?

A week after announcing 12,000 job cuts, Intel CEO Brian Krzanich has shared vision for the company, hinting a shift in its prime focus away from PC business. In a blog post, Krzanich said that the company will be actively growing its data center business. The chip maker also plans to focus on chips and technologies for IoT devices. "The biggest opportunity in the Internet of Things is that it encompasses just about everything in our lives today-- it's ubiquitous," Krzanich said. The company also plans to boost its memory chips business and make a push towards utilizing them in data centers and various cloud services. Intel said that it has made several investments in this field, noting the $16 billion acquisition of Altera last year. The company says it will be playing a big role in the move to 5G connectivity. "Connectivity is fundamental to every one of the cloud-to-thing segments we will drive," he writes.

Over the years, Intel has failed to keep up with Moore's Law, an axiom that semiconductor density will double about every two years. The company previously extended the timeframe to 2.5 years, but Krzanich assures customers that the they are working to make further advances in order to meet the goal. "Moore's Law is fundamentally a law of economics, and Intel will confidently continue to harness its value," Krzanich said. PCWorld has extensively reported on this.

Tekla Perry writes: It's all about the cloud and the Internet of Things, says Intel explaining the planned layoffs, which will affect some 12,000 employees. Intel CEO Brian Krzanich promises in an email today to employees, that the "transition" will be handled with the "utmost dignity and respect." According to IEEE Spectrum, "Intel Corp. today announced that it would cut some 12,000 jobs -- that's 11 percent of its total workforce -- by mid-2017, with the majority of those affected getting the bad news within the next two months. In a press release, the company said the 'restructuring initiative' would 'accelerate its evolution from a PC company to one that powers the cloud and the billions of smart, connected computing devices,' and that the company would be increasing its investments in 'data center, IoT memory, and connectivity businesses.'"

An anonymous reader writes: Intel has acquired the Italian company Yogitech to improve upon Internet of Things (IoT) security and Advanced Driver Assistance Systems. Yogitech's flagship technology known as faultRobust is designed to keep circuits functional and prevent device failure. Since Intel provides chips for IoT devices, it makes sense for the company to be interested expanding that effort with Yogitech's technology. Intel's Atom and Quark chips are used in IoT devices, and it bundles hardware- and software- based security and networking layers in with those chips. The most obvious use for Yogitech's technology is with autonomous vehicles, where the circuitry can be used to reduce errors related to braking and identification of objects. It may also be used in industrial machines, where the chances of equipment hurting the process or a worker could be reduced. According to Intel, 30 percent of the IoT market will require functional safety systems. Intel didn't comment how much they paid to buy the company.

itwbennett writes: The flaw in a utility that helps users download the latest drivers for their Intel hardware components stems from the tool using unencrypted HTTP connections to check for driver updates. It was discovered by researchers from Core Security and was reported to Intel in November. The Core Security researchers found that the utility was checking for new driver versions by downloading XML files from Intel's website over HTTP. These files included the IDs of hardware components, the latest driver versions available for them and the corresponding download URLs. Intel Driver Update Utility users are strongly advised to download the latest version from Intel's support website.

An anonymous reader writes: To help mitigate the cyber-security risks in connected automobiles Intel has established the Automotive Security Review Board (ASRB). Intel says: "The board will encompass top security industry talent across the globe with particular areas of expertise in cyber-physical systems. The ASRB researchers will perform ongoing security tests and audits intended to codify best practices and design recommendations for advanced cybersecurity solutions and products to benefit the automobile industry and drivers. Intel also published the first version of its automotive cybersecurity best practices white paper, which the company will continue to update based on ASRB findings."

MojoKid writes: Today at a press conference in San Francisco, Intel and Micron unveiled 3D XPoint (Cross Point) memory technology, a non-volatile memory architecture they claim could change the landscape of consumer electronics and computer architectures for years to come. Intel and Micron say 3D XPoint memory is 1000 times faster than NAND, boasts 1000x the endurance of NAND, and offers 8-10 times the density of conventional memory. 3D XPoint isn't electron based, it's material based. The companies aren't diving into specifics yet surrounding the materials used in 3D XPoint, but the physics are fundamentally different than what we're used to. It's 3D stackable and its cross point connect structure allows for dense packing and individual access at the cell level from the top or bottom of a memory array. Better still, Intel alluded to 3D XPoint not being as cost-prohibitive as you might expect. Intel's Rob Crooke explained, "You could put the cost somewhere between NAND and DRAM." Products with the new memory are expected to arrive in 2016 and the joint venture is in production with wafers now.

An anonymous reader writes: Researchers from Intel have been working on new methods for improving the rendering speed for modern wide-angle head-mounted displays like the Oculus Rift and Google Cardboard. Their approach makes use of the fact that because of the relatively cheap and lightweight lenses the distortion astigmatism happens: only the center area can be perceived very sharp, while with increasing distance from it, the perception gets more and more blurred. So what happens if you don't spend the same amount of calculations and quality for all pixels? The blog entry gives hints to future rendering architectures and shows performance numbers.

rastos1 writes: In a recent blog, software developer Bruce Dawson pointed out some issues with the way the FSIN instruction is described in the "Intel® 64 and IA-32 Architectures Software Developer's Manual," noting that the result of FSIN can be very inaccurate in some cases, if compared to the exact mathematical value of the sine function.

Dawson says, "I was shocked when I discovered this. Both the fsin instruction and Intel's documentation are hugely inaccurate, and the inaccurate documentation has led to poor decisions being made. ... Intel has known for years that these instructions are not as accurate as promised. They are now making updates to their documentation. Updating the instruction is not a realistic option."

Intel processors have had a problem with math in the past, too.

rastos1 writes: In a recent blog, software developer Bruce Dawson pointed out some issues with the way the FSIN instruction is described in the "Intel® 64 and IA-32 Architectures Software Developer's Manual," noting that the result of FSIN can be very inaccurate in some cases, if compared to the exact mathematical value of the sine function.

Dawson says, "I was shocked when I discovered this. Both the fsin instruction and Intel's documentation are hugely inaccurate, and the inaccurate documentation has led to poor decisions being made. ... Intel has known for years that these instructions are not as accurate as promised. They are now making updates to their documentation. Updating the instruction is not a realistic option."

Intel processors have had a problem with math in the past, too.

Radiosonde, weather balloon, near-space exploration package... call it what you will, but today's interviewee, Jamel Tayeb, is hanging instrument packages and cameras below balloons and sending them up to 97,000 feet (his highest so far), then recovering them 50 or 60 miles away from their liftoff points with help from a locator beacon -- and not just any locator beacon, mind you, but a special one from a company called High Altitude Science with "unlocked" firmware that allows it to work with GPS satellites from altitudes greater than 60,000 feet, which typical, off-the-shelf GPS units can't do.

Here's a balloon launch video from Instructure, a company that helps create open source education systems. The point of their balloon work (and Jamel's) is not that they get to boast about what they're doing, but so you and people like you say, "I can make a functioning high altitude weather balloon system with instrumentation and a decent camera for only $1000?" This is a lot of money for an individual, but for a high school science program it's not an impossible amount. And who knows? You might break the current high-altitude balloon record of 173,900 feet. Another, perhaps more attainable record is PARIS (Paper Aircraft Released Into Space) which is currently 96,563 feet. Beyond that? Perhaps you'll want to take a crack at beating Felix Baumgartner's high altitude skydiving and free fall records. And once you are comfortable working with near space launches, perhaps you'll move on to outer space work, where you'll join Elon Musk and other space transportation entrepreneurs. (Alternate Video Link)

Zothecula writes: Intel has been working on a 3D scanner small enough to fit in the bezel of even the thinnest tablets. The company aims to have the technology in tablets from 2015, with CEO Brian Krzanich telling the crowd at MakerCon in New York on Thursday that he hopes to put the technology in phones as well.

Edison is an Intel creation aimed squarely at the maker and prototype markets. It's smaller than an Arduino, has built-in wi-fi, and is designed to be used in embedded applications. SparkFun is "an online retail store that sells the bits and pieces to make your electronics projects possible." They're partnering with Intel to sell the Edison and all kinds of add-ons for it. Open source? Sure. Right down to the schematics. David Stillman, star of today's video, works for SparkFun. He talks about "a gajillion" things you can do with an Edison, up to and including the creation of an image-recognition system for your next homemade drone. (Alternate Video Link)

szczys writes: Intel is upping their bid for a place at the efficient-yet-powerful device table. They've launched their Edison board, which features an x86 based SoC running at 100 MHz. The footprint measures 35.5mm x 25.0mm and offers a 70-pin connector to break out 40 pins for add-on hardware. Also at the Intel Developer Forum today, the company demonstrated a PC running on Skylake, a new CPU microarchitecture based on the 14nm process used for Broadwell. Intel is pushing to break into both wearable devices and household devices, as it sees both as huge opportunities for growth.

New submitter mpicpp points out that Intel has unveiled a PC called Edison, which fits into a casing the size of an SD card. "Edison is based on Intel’s Quark chip, which it launched last year as its attempt to muscle in on that other flavour-of-the-month market: the so-called Internet of Things. It also reflects the company’s new-found keenness on the 'maker' community. Quark, a 22nm low-power x86 processor with two cores, sits inside Intel’s Arduino-compatible Raspberry Pi-alike Galileo board computer. Edison takes the same chip, connects it to a wee bit of LPDDR2 memory and Flash storage, and plugs in Bluetooth 4.0 Smart — aka LE — and Wi-Fi for broader connectivity."

jones_supa writes "One of the most important measuring sticks for the success of any software is how long a user keeps it installed after first trying it. Intel has an article about some of the most common reasons users abandon software. Quoting: 'Apps that don’t offer anything helpful or unique tend to be the ones that are uninstalled the most frequently. People cycle through apps incredibly quickly to find the one that best fits their needs. ... A lot of apps have a naturally limited lifecycle; i.e., apps that are centered around a movie release or an app that tracks a pregnancy, or an app that celebrates a holiday. In addition, apps with limited functionality, for example, “lite” games that only go so far, are uninstalled once the user has mastered all the levels.' Some of the common factors they list include: lengthy forms, asking for ratings, collecting unnecessary data, user unfriendliness, unnecessary notifications and, of course, bugs. Additionally, if people have paid even a small price for the app, they are more committed to keep it installed. So, what makes you uninstall a piece of software?"

MojoKid writes "Although Intel is Chipzilla, the company can't help but extend its reach just a bit into the exciting and growing world of DIY makers and hobbyists. Intel announced its Galileo development board, a microcontroller that's compatible with Arduino software and uses the new Quark X1000 processor (400MHz, 32-bit, Pentium-class, single- core and thread) that Intel announced at the IDF 2013 keynote. The board makes use of Intel's architecture to make it easy to develop for Windows, Mac, and Linux, but it's also completely open hardware (PDF). Galileo is 10cm x 7cm (although ports protrude a bit beyond that), and there are four screw holes for secure mounting. Ports include 10/100 Ethernet, USB client/host ports, RS-232 UART and 3.5mm jack, mini PCIe slot (with USB 2.0 host support); other features include 8MB Legacy SPI Flash for firmware storage, 512KB embedded SRAM, 256MB DRAM, 11KB EEPROM programmed via the EEPROM library, and support for an additional 32GB of storage using a microSD card."