Language Selection

English French German Italian Portuguese Spanish

Hardware

Intel is Full of Holes

Filed under
Hardware
Security
  • A Security Issue in Intel’s Active Management Technology (AMT)
  • Backdoor In 30 Seconds: New Major AMT Security Flaw Is Here To Haunt Intel Laptops
  • Meltdown and Spectre FAQ: Crapification at Scale

    Yesterday, Yves posted a “primers on Meltdown and Spectre”, which included several explanations of the two bugs from different viewpoints; if you feel you don’t have a handle on them, please review it. Today, I want to give an overview of the two bugs. I will dig into the details of these two bugs in the form of a FAQ, and then I’ll open a discussion of the larger business and political economy issues raised in the form of a MetaFAQ. First, I should make one point: Meltdown is a bug; Specture is a class of bugs (or, if you prefer, a strategy).

    [...]

    What Are The Costs of the Meltdown and Spectre Bugs?

    A few billions.

  • Fixing Chipmageddon Will Slow Down Older Computers

    Microsoft has come out and said it: cures for the pervasive chip flaws Meltdown and Spectre are likely to dent the performance of your PC if it’s a few years old.

  • Intel needs to come clean about Meltdown and Spectre

    Intel hasn’t had the best of times recently. Meltdown and Spectre security flaws have helped reveal fundamental issues with processor designs over the past 20 years, and the software updates to protect PCs will have performance impacts. Even as I write this, it’s still not clear to anyone exactly how bad these performance impacts will be for older desktop systems, or how significant they’ll be to server-based cloud platforms. It’s all a bit of a mess, and Intel hasn’t helped with its lack of transparency. It’s time for Intel to stop hiding behind cleverly worded statements.

  • Intel details performance hit for Meltdown fix on affected processors
  • Keeping Spectre secret

    When Graz University of Technology researcher Michael Schwarz first reached out to Intel, he thought he was about to ruin the company’s day. He had found a problem with their chips, together with his colleagues Daniel Gruss, Moritz Lipp, and Stefan Mangard. The vulnerability was both profound and immediately exploitable. His team finished the exploit on December 3rd, a Sunday afternoon. Realizing the gravity of what they’d found, they emailed Intel immediately.

  • Intel's telling some customers to avoid its fix for the Spectre and Meltdown attacks — because of a big bug
  • Everything running smoothly at the plant? *Whips out mobile phone* Wait. Nooo...

    The security of mobile apps that tie in with Supervisory Control and Data Acquisition (SCADA) systems has deteriorated over the last two-and-a-half years, according to new research.

    A team of boffins from IOActive and IoT security startup Embedi said they had discovered 147 vulnerabilities in 34 of the most popular Android mobile apps for SCADA systems.

    Mobile applications are increasingly being used in conjunction with SCADA systems. The researchers warned these apps are "riddled with vulnerabilities that could have dire consequences on SCADA systems that operate industrial control systems".

Tiny module and SBC run Linux or Android on i.MX8M

Filed under
Android
Linux
Hardware

Variscite’s 55 x 30mm “DART-MX8M” showcases NXP’s 1.5GHz, quad-A53 i.MX8M SoC with up to 4GB LPDDR4, up to 64GB eMMC, WiFi-ac, BT 4.2, PCIe, and HDMI 2.0, plus an optional carrier that’s also sold as a “VAR-DT8MCustomBoard” SBC.

Variscite unveiled a “coming soon” DART-MX8M computer-on-module and VAR-DT8MCustomBoard carrier board/SBC that tap NXP’s new i.MX8M SoC. The DART-MX8M follows other NXP-based DART modules, such as the i.MX UL based DART-6UL, which in November received a clock rate upgrade to up to 900MHz.

Read more

PiTalk, Gemini PDA, and Eelo take different paths to the Linux phone

Filed under
Linux
Hardware

The PiTalk is an RPi phone add-on board. The Gemini PDA is a clamshell re-spin of the Psion. Eelo is a privacy-oriented phone ROM. Samsung is planning to load Ubuntu desktops on Galaxy phones. They all want to reinvent the Linux phone concept.

Since our September story surveying a new crop of Linux smartphone contenders, including the Raspberry Pi based ZeroPhone and Purism’s Librem 5, we’ve seen several more Linux phone projects pop into view. New entries covered here include a successfully Kickstarted PiTalk phone add-on for the Raspberry Pi. There’s also a Gemini PDA with 4G support that dual-boots Linux and Android. It won Indiegogo funding last year and has now opened for additional orders.

Read more

Also: Tiny solderable quad Cortex-A17 module has 4GB RAM and HDMI 2.0

Tiny industrial temperature module runs Linux on a Zynq-7000

Filed under
Linux
Hardware

iWave’s “iW-RainboW-G28M” is a SODIMM-style module that runs Linux on a Zynq-7000 FPGA SoC, and offers -40 to 85°C support, up to 1GB DDR3, 512MB flash, a GbE controller, and optional WiFi/BT.

iWave has produced several Altera FPGA based computer-on-modules including the Cyclone V based IW-RainboW-G17D, but the 67.6 x 37mm, SODIMM form-factor iW-RainboW-G28M appears to be its first Xilinx Zynq based module. Other SODIMM-style Zynq COMs include PLDA’s SoMZ-7045.

Read more

ASUS Tinker Board S Is New Raspberry Pi-killer With Linux And Android Support (CES 2018)

Filed under
Linux
Hardware

At CES 2018, ASUS unveiled tons of small form factor hardware and expanded its family. PB40 and PN40 are two mini PCs that let combine power and portability. Chromebox 3 is Chromebox 2 successor with 8th Generation Intel Core processor with DDR4 2400 Memory. For Linux enthusiasts and DIYers, the good news came in the form of a new Raspberry Pi competitor.

Read more

Also: Mirabook laptop dock for smartphones coming in May

Gemini Runs GNU/Linux and Android

Filed under
Android
Linux
Hardware
  • Planet Computers Gemini hands-on: Nostalgia’s Android reboot

    For geeks of a certain generation, there’s something uncontrollably appealing about the Planet Computers Gemini. Fond memories of the classic Psion Series 5 are to blame, of course, and the Android-powered clamshell taps into that nostalgia with pitch-perfect accuracy. Having spent some time pecking at its keys, I have to say I’m swayed.

  • Hands-on with the Gemini PDA handheld PC with Android, Linux and a 6 inch display

    The Gemini PDA is a tiny computer that’s small enough to hold in one hand, but with a keyboard that makes it possible to touch-type… maybe.

    Planet Computer introduced the Gemini PDA nearly a year ago and launched a crowdfunding campaign to take the device from prototype to shipping product. Now it’s about ready to ship.

Hackable, Rockchip-based media player also offers NAS and retro gaming

Filed under
Android
GNU
Linux
Hardware

Cloud Media’s open source “Popcorn Hour Transformer Media Computer / NAS” computer is based on Pine64’s RK3328-based Rock64 SBC, and supports Linux and Android media player, NAS, and retro gaming.

Cloud Media has spun a new variant of its Popcorn Hour media player that is open source in hardware and software thanks to its mainboard: Pine64’s open source, quad-core Cortex-A53 Rock64 SBC. It’s available in a Media Computer and NAS (network attached storage) version for the same price of $95.90 (2GB LPDDR3/16GB eMMC) or $115.90 (4GB/32GB), not counting SATA storage.

Read more

RISC-V and Raspberry Pi Secure

Filed under
Linux
Hardware
Security
  • RISC-V Foundation Trumpets Open-Source ISAs In Wake Of Meltdown, Spectre

    The RISC-V Foundation says that no currently announced RISC-V CPU is vulnerable to Meltdown and Spectre and, in the wake of those bugs, stressed the importance of open-source development and a modern ISA in preventing vulnerabilities.

    In consumer computing, we usually only hear about two instruction set architectures (ISA): x86 and ARM. Classified as a complex instruction set, x86 dominates the desktop and server space. Since the rise of smartphones, however, reduced-instruction-set (RISC) ARM processors have dominated the mobile computing market. Beyond x86, there aren’t many complex instruction sets still in use, but there are still many relevant RISC designs despite ARM’s seeming ubiquity.

    The lesser known RISC-V ISA is among those being developed to take on ARM. It was created in the University of California, Berkeley and is unique because it’s open-source. The ISA is actively being worked on and is now overseen by the RISC-V Foundation, which includes companies such as AMD, Nvidia, Micron, Qualcomm, and Microsoft. An ISA alone doesn’t define a CPU design, though. RISC-V being open-source means that anyone is free to build their own CPU to implement the ISA, or their own compiler to build software that can run on RISC-V CPUs.

  • WHY RASPBERRY PI ISN’T VULNERABLE TO SPECTRE OR MELTDOWN

    Over the last couple of days, there has been a lot of discussion about a pair of security vulnerabilities nicknamed Spectre and Meltdown. These affect all modern Intel processors, and (in the case of Spectre) many AMD processors and ARM cores. Spectre allows an attacker to bypass software checks to read data from arbitrary locations in the current address space; Meltdown allows an attacker to read data from arbitrary locations in the operating system kernel’s address space (which should normally be inaccessible to user programs).

    Both vulnerabilities exploit performance features (caching and speculative execution) common to many modern processors to leak data via a so-called side-channel attack. Happily, the Raspberry Pi isn’t susceptible to these vulnerabilities, because of the particular ARM cores that we use.

    To help us understand why, here’s a little primer on so

Catalog of Linux Devices

Filed under
Linux
Hardware
  • January 2018 catalog of hacker-friendly SBCs

    This catalog accompanies our January 2018 round-up of hacker-friendly SBCs. Here, we provide brief descriptions, specs, pricing, and links to further details for all 103 SBCs.

    Our January 2018 hacker-friendly single board computer round-up comprises three resources: an overview of recent SBC market trends; this catalog, which provides descriptions, specs, pricing, and links to related LinuxGizmos coverage and supplier product pages for all 103 SBCs; and a Google docs spreadsheet that tabulates the key features and pricing for all 103 boards. Links to all three parts of our round-up are in the box below.

  • Ringing in 2018 with 103 hacker-friendly SBCs

    Welcome to our latest biannual round-up of hacker-friendly single board computers that run Linux or Android. Included are a brief review of recent SBC market trends, a catalog with key features, specs, and pricing of each SBC, and a table comparing them all.

    Relative to our June report, which was accompanied by a reader survey co-sponsored with Linux.com, our latest hacker-friendly single board computer (SBC) round-up has grown from 98 to 103 boards. Although there’s no survey here, we invite your comments in the discussion area at the bottom of this post.

    There are three parts to this round-up: this post, which provides an overview of recent SBC market trends and discusses our latest crop of hacker-friendly SBCs in general terms; a catalog post with brief descriptions, specs, pricing, and links to related LinuxGizmos coverage and supplier product pages for all 103 SBCs; and a Google docs spreadsheet that tabulates key features and pricing for all 103 boards. Links to each are in the box below.

Hardware Security Fiasco: The Latest

Filed under
Hardware
Security
  • Windows 10 Cumulative Update KB4056892 (Meltdown & Spectre Fix) Fails to Install

    Microsoft rolled out Windows 10 cumulative update KB4056892 yesterday as an emergency patch for systems running the Fall Creators Update in an attempt to fix the Meltdown and Spectre bugs affecting Intel, AMD, and ARM processors manufactured in the last two decades.

    But as it turns out, instead of fixing the two security vulnerabilities on some computers, the cumulative update actually breaks them down, with several users complaining that their systems were rendered useless after attempting to install KB4056892.

    Our readers pointed me to three different Microsoft Community threads (1, 2, 3) where users reported cumulative update KB4056892 issues, and in every case the problem appears to be exactly the same: AMD systems end up with a boot error before trying a rollback and failing with error 0x800f0845.

  • Linus Torvalds says Intel needs to admit it has issues with CPUs

    Linux creator Linus Torvalds has had some harsh words for Intel in the course of a discussion about patches for two [sic] bugs that were found to affect most of the company's processors.

  • We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare

    In the wake of The Register's report on Tuesday about the vulnerabilities affecting Intel chips, Chipzilla on Wednesday issued a press release to address the problems disclosed by Google's security researchers that afternoon.

    To help put Intel's claims into context, we've annotated the text. Bold is Intel's spin.

  • When F00F bug hit 20 years ago, Intel reacted the same way

    A little more than 20 years ago, Intel faced a problem with its processors, though it was not as big an issue as compared to the speculative execution bugs that were revealed this week.

  • Meltdown, Spectre and the Future of Secure Hardware

    Meltdown and Spectre are two different—but equally nasty—exploits in hardware. They are local, read-only exploits not known to corrupt, delete, nor modify data. For local single user laptops, such as Librem laptops, this is not as large of a threat as on shared servers—where a user on one virtual machine could access another user’s data on a separate virtual machine.

    As we have stated numerous times, security is a game of depth. To exploit any given layer, you go to a lower layer and you have access to everything higher in the stack.

  • KPTI — the new kernel feature to mitigate “meltdown”
  • Astounding coincidence: Intel's CEO liquidated all the stock he was legally permitted to sell after learning of catastrophic processor flaws
  • Intel CEO sold all the stock he could after Intel learned of security bug

     

    While an Intel spokesperson told CBS Marketwatch reporter Jeremy Owens that the trades were "unrelated" to the security revelations, and Intel financial filings showed that the stock sales were previously scheduled, Krzanich scheduled those sales on October 30. That's a full five months after researchers informed Intel of the vulnerabilities. And Intel has offered no further explanation of why Krzanich abruptly sold off all the stock he was permitted to.

Syndicate content

More in Tux Machines

Today in Techrights

today's howtos

Open Hardware/RISC-V Latest

  • Brains behind seL4 secure microkernel begin RISC-V chip port
    Last week, the first RISC-V port of its seL4 microkernel was released by the Data61 division of the Australian government's Commonwealth Scientific and Industrial Research Organisation (CSIRO). seL4 is an open-source and highly secure version of the L4 microkernel that aims to be mathematically proven to be bug free, in that it works as expected as per its specifications. Meanwhile, RISC-V is an open-source instruction-set architecture, and is used as the blueprint for various open-source processor core designs – some of which are now shipping as real usable silicon, such as chips from SiFive and Greenwaves.
  • Dongwoon Anatech Licenses Codasip's Bk3 RISC-V Processor for Motor Control ICs for Mobile Camera
    Codasip, the leading supplier of RISC-V® embedded processor IP, announced today that Dongwoon Anatech, a technology leader in analog and power ICs for mobile phones, has selected Codasip’s Bk3 processor and Studio design tool for its next generation family of motor control IC products. Dongwoon Anatech, fabless analog semiconductor specialist, offers a wide range of analog products, including auto-focus driver IC for smartphones, AMOLED DC-DC converter, display power driver IC, and haptic driver IC.

Events: Video Conferences, Code.gov, and LibreOffice

  • How to video conference without people hating you
    What about an integrated headset and microphone? This totally depends on the type. I tend to prefer the full sound of a real microphone but the boom mics on some of these headsets are quite good. If you have awesome heaphones already you can add a modmic to turn them into headsets. I find that even the most budget dedicated headsets sound better than earbud microphones.
  • Learn about the open source efforts of Code.gov at this event
    The U.S. government has a department looking to spread open source projects, and members will be in Baltimore this week. Code.gov is looking to promote reuse of open source code within the government to cut down on duplicating development work, and spread use of the code throughout the country. On April 26 event at Spark Baltimore, team members from Code.gov, the U.S. Department of Transportation and the Presidential Innovation Fellowship are among those invited to be at a meetup to share more. Held from 12-3 p.m., the event will feature talks from the invited guests about what they’re working on and Federal Source Code Policy, as well as how it can apply locally, said organizing team member Melanie Shimano.
  • LibreOffice Conference 2018 Takes Place in Tirana, Albania, for LibreOffice 6.1
    While working on the next major LibreOffice release, The Document Foundation is also prepping for this year's LibreOffice Conference, which will take place this fall in Albania. The LibreOffice Conference is the perfect opportunity for new and existing LibreOffice developers, users, supporters, and translators, as well as members of the Open Source community to meet up, share their knowledge, and plan the new features of the next major LibreOffice release, in this case LibreOffice 6.1, due in mid August 2018. A call for papers was announced over the weekend as The Document Foundation wants you to submit proposals for topics and tracks, along with a short description of yourself for the upcoming LibreOffice Conference 2018 event, which should be filed no later than June 30, 2018. More details can be found here.
  • LibreOffice Conference Call for Paper
    The Document Foundation invites all members and contributors to submit talks, lectures and workshops for this year’s conference in Tirana (Albania). The event is scheduled for late September, from Wednesday 26 to Friday 28. Whether you are a seasoned presenter or have never spoken in public before, if you have something interesting to share about LibreOffice or the Document Liberation Project, we want to hear from you!