Bug

Researchers Run Unsigned Code on Intel ME By Exploiting USB Ports (thenextweb.com) 171

Slashdot user bongey writes: A pair of security researchers in Russia are claiming to have compromised the Intel Management Engine just using one of the computer's USB ports. The researchers gained access to a fully functional JTAG connection to Intel CSME via USB DCI. The claim is different from previous USB DCI JTAG examples from earlier this year. Full JTAG access to the ME would allow making permanent hidden changes to the machine.
"Getting into and hijacking the Management Engine means you can take full control of a box," reports the Register, "underneath and out of sight of whatever OS, hypervisor or antivirus is installed."

They add that "This powerful God-mode technology is barely documented," while The Next Web points out that USB ports are "a common attack vector."
Google

Google Working To Remove MINIX-Based ME From Intel Platforms (tomshardware.com) 180

An anonymous reader quotes a report from Tom's Hardware: Intel's Management Engine (ME) technology is built into almost all modern Intel CPUs. At the Embedded Linux Conference, a Google engineer named Ronald Minnich revealed that the ME is actually running its own entire MINIX OS and that Google is working on removing it. Due to MINIX's presence on every Intel system, the barebones Unix-like OS is the most widely deployed operating system in the world. Intel's ME technology is a hardware-level system within Intel CPUs that consists of closed-source firmware running on a dedicated microprocessor. There isn't much public knowledge of the workings of the ME, especially in its current state. It's not even clear where the hardware is physically located anymore.

What's concerning Google is the complexity of the ME. Public interest in the subject piqued earlier this year when a vulnerability was discovered in Intel's Active Management Technology (AMT), but that's just a software that runs on ME--ME is actually an entire OS. Minnich's presentation touched on his team's discovery that the OS in question is a closed version of the open-source MINIX OS. The real focus, though, is what's in it and the consequences. According the Minnich, that list includes web server capabilities, a file system, drivers for disk and USB access, and, possibly, some hardware DRM-related capabilities. It's not known if all this code is explicitly included for current or future ME capabilities, or if it's because Intel simply saw more potential value in keeping rather than removing it.

Businesses

Qualcomm Eyes Intel With Centriq 2400 Arm Server Chip (eweek.com) 23

Qualcomm is now challenging rival Intel in the rapidly changing data center market. From a report: The company is now selling its long-awaited Centriq 2400 Arm-based server processor that is aimed at the fast-growing cloud market and that Qualcomm officials say beats Intel in such crucial areas as power efficiency and cost. Officials from Arm and its manufacturing partners have for several years talked about pushing the Arm architecture into the data center as an alternative to Intel, and some manufacturers like Cavium and Applied Micro in recent years have rolled out systems-on-a-chip (SoCs) based on the 64-bit Armv8-A design. However, Qualcomm represents the most significant Arm chip maker in terms of scale and resources to challenge Intel, which holds more than 90 percent of the global server chip market. Qualcomm's Centriq chips offer up to 48 single-threaded cores running up to 2.6GHz and are manufactured on Samsung's 10-nanometer FinFET process. The processors sport a bidirectional segmented ring bus with as much as 250G bps of aggregate bandwidth to avoid performance bottlenecks, 512KB of shared L2 cache for every two cores and 60MB of unified L3 cache. There also are six channels of DDR4 memory and support for up to 768GB of total DRAM with 32 PCIe Gen 3 lanes and six PCIe controllers. They also support Arm's TrustZone security technology and hypervisors for virtualization.
Intel

Intel Recruits AMD RTG Exec Raja Koduri To Head New Visual Computing Group (hothardware.com) 57

MojoKid writes: Intel just announced that former AMD Radeon Technologies Group SVP, Raja Koduri, would be joining its team to head up a newly formed Core and Visual Computing Group, and as a general manager of a new initiative to drive edge and client visual computing solutions. With Koduri's help, Intel plans to unify and expand its IP across multiple segments including core computing, graphics, media, imaging and machine learning capabilities for the client and data center segments, artificial intelligence, and emerging opportunities. Intel also explicitly stated that it would also expand its strategy to develop and deliver high-end, discrete graphics solutions. This announcement also comes just after Intel revealed it would be employing AMD's Vega GPU architecture in a new mobile processor that will drive high-end graphics performance into smaller, slimmer, and sleeker mobile form factors. With AMD essentially spinning the Radeon Technologies Group into its own entity, Intel now leveraging AMD graphics technology, and a top-level executive like Koduri responsible for said graphics tech switching teams, we have to wonder how the relationship between Intel and AMD's RTG with evolve.
AMD

Raja Koduri, AMD's Radeon Tech Group Leader, Resigns (anandtech.com) 38

Ryan Smith, writing for AnandTech: On the day following what's perhaps one of the greatest (and oddest) product design wins for AMD's Radeon Technologies Group, a second bit of surprising news is coming out of AMD. Raja Koduri, the Senior VP and Chief Architect of the group, who has been its leader since the RTG was formed two years ago, has announced that he is resigning from the company, effective tomorrow. Word of Raja's resignation originally broke via an internal memo penned by Raja and acquired by Hexus. And while AMD will not confirm the validity of the memo, the company is confirming that Raja has decided to leave the company.
Intel

MINIX: Intel's Hidden In-chip Operating System (zdnet.com) 269

Steven J. Vaughan-Nichols, writing for ZDNet: Matthew Garrett, the well-known Linux and security developer who works for Google, explained recently that, "Intel chipsets for some years have included a Management Engine [ME], a small microprocessor that runs independently of the main CPU and operating system. Various pieces of software run on the ME, ranging from code to handle media DRM to an implementation of a TPM. AMT [Active Management Technology] is another piece of software running on the ME." [...] At a presentation at Embedded Linux Conference Europe, Ronald Minnich, a Google software engineer reported that systems using Intel chips that have AMT, are running MINIX. So, what's it doing in Intel chips? A lot. These processors are running a closed-source variation of the open-source MINIX 3. We don't know exactly what version or how it's been modified since we don't have the source code. In addition, thanks to Minnich and his fellow researchers' work, MINIX is running on three separate x86 cores on modern chips. There, it's running: TCP/IP networking stacks (4 and 6), file systems, drivers (disk, net, USB, mouse), web servers. MINIX also has access to your passwords. It can also reimage your computer's firmware even if it's powered off. Let me repeat that. If your computer is "off" but still plugged in, MINIX can still potentially change your computer's fundamental settings. And, for even more fun, it "can implement self-modifying code that can persist across power cycles." So, if an exploit happens here, even if you unplug your server in one last desperate attempt to save it, the attack will still be there waiting for you when you plug it back in. How? MINIX can do all this because it runs at a fundamentally lower level. [...] According to Minnich, "there are big giant holes that people can drive exploits through." He continued, "Are you scared yet? If you're not scared yet, maybe I didn't explain it very well, because I sure am scared." Also read: Andrew S. Tanenbaum's (a professor of Computer Science at Vrije Universiteit) open letter to Intel.
Intel

Arch-rivals Intel and AMD Team Up on PC Chips To Battle Nvidia (pcworld.com) 169

Intel and AMD, arch-rivals for decades, are teaming up to thwart a common competitor, Nvidia. On Monday, the two companies said they are co-designing an Intel Core microprocessor with a custom AMD Radeon graphics core inside the processor package. The chip is intended for laptops that are thin and lightweight but powerful enough to run high-end videogames, the companies said. From a report: Executives from both AMD and Intel told PCWorld that the combined AMD-Intel chip will be an "evolution" of Intel's 8th-generation, H-series Core chips, with the ability to power-manage the entire module to preserve battery life. It's scheduled to ship as early as the first quarter of 2018. Though both companies helped engineer the new chip, this is Intel's project -- Intel first approached AMD, both companies confirmed. AMD, for its part, is treating the Radeon core as a single, semi-custom design, in the same vein as the chips it supplies to consoles like the Microsoft Xbox One X and Sony Playstation 4. Some specifics, though, remain undisclosed: Intel refers to it as a single product, though it seems possible that it could eventually be offered at a range of clock speeds. [...] Shaking hands on this partnership represents a rare moment of harmony in an often bitter rivalry that began when AMD reverse-engineered the Intel 8080 microchip in 1975.
Businesses

Broadcom Explores Buying Qualcomm (bloomberg.com) 69

phalse phace writes: Bloomberg news is reporting that Broadcom may be planning to make an offer to buy Qualcomm. From the report: "Broadcom Ltd. is considering a bid of more than $100 billion for Qualcomm Inc., according to people familiar with the matter, in what would be the biggest-ever takeover of a chipmaker. Broadcom is speaking to advisers about the potential deal, said the people, who asked not to be identified because talks are private. The offer of about $70 a share would include cash and stock and is likely to be made in the coming days, the people said." If the deal goes through, Broadcom would become "the world's third largest chipmaker behind Intel Corp. and Samsung Electronics Co. and give it a huge swath of the supply chain of vital phone components such as Wi-Fi and cellular modem chips. The two companies are already among the top ten providers of chips ranked by revenue in an industry that's consolidating rapidly."
Intel

Qualcomm Sues Apple For Contract Breach (reuters.com) 37

Qualcomm has sued Apple, again, this time alleging that it violated a software license contract to benefit rival chipmaker Intel for making broadband modems, the latest salvo in a longstanding dispute between the two companies. From a report: Qualcomm alleged in a lawsuit filed in the California state court in San Diego on Wednesday that Apple used its commercial leverage to demand unprecedented access to the chipmaker's highly confidential software, including source code. Apple began to use Intel's broadband modem chips in the iPhone 7, which it launched last year.
AMD

AMD, Which Lost Over $2.8 Billion In 5 Years, Takes a Hit After New Report (arstechnica.com) 91

An anonymous reader quotes a report from Ars Technica: On Monday, AMD's stock price plunged nearly 9 percent after a report by Morgan Stanley, a major investment bank, which found that "microprocessor momentum" has slowed. According to CNBC, a new report by analyst Joseph Moore found that "cryptocurrency mining driven sales for AMD's graphics chips will decline by 50 percent next year or a $250 million decline in revenue. He also forecasts video game console demand will decline by 5.5 percent in 2018." As per AMD's own SEC filings, the company lost over $2.8 billion from 2012 through 2016. However, new releases from AMD suggest that it may be on something of a resurgent track. As Ars reported last month, AMD's Ryzen and Threadripper processors re-established AMD's chips as competitive with Intel's.
Businesses

Apple Is Designing iPhones, iPads That Would Drop Qualcomm Components (wsj.com) 131

An anonymous reader quotes a report from The Wall Street Journal (Warning: source may be paywalled; alternative source): Apple, locked in an intensifying legal fight with Qualcomm, is designing iPhones and iPads for next year that would jettison the chipmaker's components, according to people familiar with the matter. Apple is considering building the devices only with modem chips from Intel and possibly MediaTek because San Diego, Calif.-based Qualcomm has withheld software critical to testing its chips in iPhone and iPad prototypes, according to one of the people. Apple's planned move for next year involve the modem chips that handle communications between wireless devices and cellular networks. Qualcomm is by far the biggest supplier of such chips for the current wireless standard. The Apple plans indicate the battle with Qualcomm could spill beyond the courtroom feud over patents into another important Qualcomm business where it has the potential to send ripples through the smartphone supply chain.
Intel

Purism Now Offers Laptops with Intel's 'Management Engine' Disabled (puri.sm) 151

"San Francisco company Purism announced that they are now offering their Librem laptops with the Intel Management Engine disabled," writes Slashdot reader boudie2. Purism describes Management Engine as "a separate CPU that can run and control a computer even when powered off."

HardOCP reports that Management Engine "is widely despised by security professionals and privacy advocates because it relies on signed and secret Intel code, isn't easily alterable, isn't fully documented, and has been found to be vulnerable to exploitation... In short, it's a tiny potentially hackable computer in your computer that you cannot totally control, nor opt-out of, but it can totally control your system."

Purism writes: Disabling the Management Engine is no easy task, and it has taken security researchers years to find a way to properly and verifiably disable it. Purism, because it runs coreboot and maintains its own BIOS firmware update process, has been able to release and ship coreboot that disables the Management Engine from running, directly halting the ME CPU without the ability of recovery... "Disabling the Management Engine, long believed to be impossible, is now possible and available in all current Librem laptops. It is also available as a software update for previously shipped recent Librem laptops," says Todd Weaver, Founder & CEO of Purism.
Android

Everything New In the Android 8.1 Oreo Developer Preview (theverge.com) 42

On Wednesday, Google launched the Android 8.1 Developer Preview. The new version of Android is available for Pixel and Nexus devices, and features a number of under-the-hood changes. The new version tests another change to notifications in which apps can only make a notification sound alert once per second. It also contains an Easter egg: the Android Oreo logo now looks like an actual cookie. The Verge reports that 8.1 is eventually supposed to activate the hidden Pixel Visual Core system-on-a-chip, which aims to make image processing smoother and HDR+ available to third-party developers.
Businesses

McAfee Says It No Longer Will Permit Government Source Code Reviews (reuters.com) 79

Dustin Volz, Joel Schectman, and Jack Stubbs, reporting for Reuters: U.S.-based cyber firm McAfee said it will no longer permit foreign governments to scrutinize the source code of its products, halting a practice some security experts have warned could be leveraged by nation-states to carry out cyber attacks. Reuters reported in June that McAfee was among several Western technology companies that had acceded in recent years to greater demands by Moscow for access to source code, the instructions that control basic operations of computer equipment. The reviews, conducted in secure facilities known as "clean rooms" by Russian companies with expertise in technology testing, are required by Russian defense agencies for the stated purpose of ensuring no hidden "backdoors" exist in foreign-made software. But security experts and former U.S. officials have said those inspections provide Russia with opportunities to find vulnerabilities that could be exploited in offensive cyber operations. McAfee ended the reviews earlier this year after spinning off from Intel in April as an independent company, a McAfee spokeswoman said in an email to Reuters last week.
AMD

AMD Unveils Ryzen Mobile Processors Combining Zen Cores and Vega Graphics (hothardware.com) 41

MojoKid writes: AMD is officially launching a processor family today known by the code name Raven Ridge, but now referred to as Ryzen Mobile. The architecture combines AMD's new Zen CPU core architecture, along with its RX Vega GPU integrated into a single chip for laptops. There are two initial chips in the mobile processor family that AMD is announcing today: the Ryzen 5 2500U and the Ryzen 7 2700U. Both processors feature four cores capable of executing 8 threads with SMT. However, there are differences with respect to processor clocks and GPU specs. AMD's Ryzen 5 2500U has a base clock of 2GHz and a boost clock of 3.6GHz, while Ryzen 7 2700U cranks up another 200MHz on both of those figures. Ryzen 5 2500U features 8 Radeon Vega graphics CUs (Compute Units) and a GPU clock of 1.1GHz, compared to 10 Radeon Vega CUs and a GPU clock of 1.3GHz for the higher-end Ryzen 7 2700U. AMD is making rather ambitious claims for the new processors, and promises some impressive gains over its 7th generation Bristol Ridge predecessors. According to AMD, CPU and GPU performance will see 200 percent and 128 percent uplifts, respectively. AMD is also showcasing benchmark numbers that have the new CPUs outgunning Intel's new quad-core Kaby Lake R chips in spots, along with significant performance advantages in gaming and graphics, on par with discrete, entry-level laptop GPUs like NVIDIA's GeForce 950M. Thin and light laptops from HP, Lenovo and Acer powered by Ryzen Mobile are expected to ship in Q4 this year.
AI

Google Worked With Intel on a custom AI Chip For Its Pixel Phones (cnbc.com) 73

A special-purpose chip for artificial intelligence and other tasks in Google's new Pixel smartphones draws on Intel technology. From a report: In addition to a Qualcomm Snapdragon 835 chip, the Google Pixel 2 and Pixel 2 XL both feature a new custom Pixel Visual Core co-processor, which is meant to improve speed and battery life when shooting photos with Google's HDR+ technology, and better handle AI workloads in apps, Google has said. But the company didn't disclose details about its partners on the chip. Then, last week, device repair website iFixit published a teardown of the Pixel 2 XL that showed what the Pixel Visual Core chip actually looks like. The serial number on the chip in a photograph begins with "SR3," like some Intel chips. Google confirmed the connection. "Google built Pixel Visual Core with Intel," the Google spokesperson wrote in an email to CNBC. "Pixel Visual Core is a custom designed processor from Google, built to serve specific computational photography requirements that could not be met by existing chips."
Open Source

30-Year-Old Operating System 'PC-MOS/386' Finally Open Sourced (github.com) 173

PC-MOS/386 "was a multi-user, computer multitasking operating system...announced at COMDEX in November 1986," remembers Wikipedia, saying it runs many MS-DOS titles (though it's optimized for the Intel 80386 processor).

Today Slashdot user Roeland Jansen writes: After some tracking, racing and other stuff...PC-MOS/386 v5.01 is open source under GPLv3. Back in May he'd posted to a virtualization site that "I still have the source tapes. I want(ed) to make it GPL and while I got an OK on it, I haven't had time nor managed to get it legalized. E.g. lift the NDA and be able to publish."

1987 magazine ads described it as "the gateway to the latest technology...and your networking future," and 30 years later its release on GitHub includes sources and executables. "In concert with Gary Robertson and Rod Roark it has been decided to place all under GPL v3."
Businesses

Tech Companies To Lobby For Immigrant 'Dreamers' To Remain In US (reuters.com) 296

An anonymous reader quotes a report from Reuters: Nearly two dozen major companies in technology and other industries are planning to launch a coalition to demand legislation that would allow young, illegal immigrants a path to permanent residency, according to documents seen by Reuters. The Coalition for the American Dream intends to ask Congress to pass bipartisan legislation this year that would allow these immigrants, often referred to as "Dreamers," to continue working in the United States, the documents said. Alphabet Inc's Google, Microsoft Corp, Amazon.com Inc, Facebook Inc, Intel Corp, Uber Technologies Inc, IBM Corp, Marriott International Inc and other top U.S. companies are listed as members, one of the documents shows. The push for this legislation comes after President Donald Trump's September decision to allow the Deferred Action for Childhood Arrivals (DACA) program to expire in March. That program, established by former President Barack Obama in 2012, allows approximately 900,000 illegal immigrants to obtain work permits. Some 800 companies signed a letter to Congressional leaders after Trump's decision, calling for legislation protecting Dreamers. That effort was spearheaded by a pro-immigration reform group Facebook Chief Executive Mark Zuckerberg co-founded in 2013 called FWD.us.
Desktops (Apple)

Tim Cook Confirms the Mac Mini Isn't Dead (macrumors.com) 191

Apple has refreshed just about every Mac product within the last couple of years -- except for the Mac Mini. Naturally, this has left many analysts questioning whether or not the company would be phasing out the Mini to focus more on its mobile devices. A MacRumors reader decided to email Apple CEO Tim Cook to get an update on the Mac mini and he received a response. Cook said it was "not time to share any details," but he confirmed that the Mac mini will be an important part of the company's product lineup in the future. MacRumors reports: Cook's response echoes a similar statement from Apple marketing chief Phil Schiller, who commented on the Mac mini when Apple's plans for a new Mac Pro were unveiled. "The Mac mini is an important product in our lineup and we weren't bringing it up because it's more of a mix of consumer with some pro use," he said. Positioned as a "bring your own peripherals" machine that comes without a mouse, keyboard, or display, the Mac mini is Apple's most affordable desktop machine. The current version is woefully outdated though, and continues to use Haswell processors and integrated Intel HD 5000/Intel Iris Graphics. It's not clear when Apple will introduce a new Mac mini, and aside from a single rumor hinting at a new high-end Mac mini with a redesign that "won't be so mini anymore," we've heard no rumors about work on a possible Mac mini refresh.
Intel

Intel Aims To Take on Nvidia With a Processor Specially Designed for AI (fastcompany.com) 43

An anonymous reader shares a report: In what looks like a repeat of its loss to Qualcomm on smartphones, Intel has lagged graphics chip (GPU) maker Nvidia in the artificial intelligence revolution. Today Intel announced that its first AI chip, the Nervana Neural Network Processor, will roll out of factories by year's end. Originally called Lake Crest, the chip gets its name from Nervana, a company Intel purchased in August 2016, taking on the CEO, Naveen Rao, as Intel's AI guru. Nervana is designed from the ground up for machine learning, Rao tells me. You can't play Call of Duty with it. Rao claims that ditching the GPU heritage made room for optimizations like super-fast data interconnections allowing a bunch of Nervanas to act together like one giant chip. They also do away with the caches that hold data the processor might need to work on next. "In neural networks... you know ahead of time where the data's coming from, what operation you're going to apply to that data, and where the output is going to," says Rao.

Slashdot Top Deals