Language Selection

English French German Italian Portuguese Spanish

Hardware

Gemini Runs GNU/Linux and Android

Filed under
Android
Linux
Hardware
  • Planet Computers Gemini hands-on: Nostalgia’s Android reboot

    For geeks of a certain generation, there’s something uncontrollably appealing about the Planet Computers Gemini. Fond memories of the classic Psion Series 5 are to blame, of course, and the Android-powered clamshell taps into that nostalgia with pitch-perfect accuracy. Having spent some time pecking at its keys, I have to say I’m swayed.

  • Hands-on with the Gemini PDA handheld PC with Android, Linux and a 6 inch display

    The Gemini PDA is a tiny computer that’s small enough to hold in one hand, but with a keyboard that makes it possible to touch-type… maybe.

    Planet Computer introduced the Gemini PDA nearly a year ago and launched a crowdfunding campaign to take the device from prototype to shipping product. Now it’s about ready to ship.

Hackable, Rockchip-based media player also offers NAS and retro gaming

Filed under
Android
GNU
Linux
Hardware

Cloud Media’s open source “Popcorn Hour Transformer Media Computer / NAS” computer is based on Pine64’s RK3328-based Rock64 SBC, and supports Linux and Android media player, NAS, and retro gaming.

Cloud Media has spun a new variant of its Popcorn Hour media player that is open source in hardware and software thanks to its mainboard: Pine64’s open source, quad-core Cortex-A53 Rock64 SBC. It’s available in a Media Computer and NAS (network attached storage) version for the same price of $95.90 (2GB LPDDR3/16GB eMMC) or $115.90 (4GB/32GB), not counting SATA storage.

Read more

RISC-V and Raspberry Pi Secure

Filed under
Linux
Hardware
Security
  • RISC-V Foundation Trumpets Open-Source ISAs In Wake Of Meltdown, Spectre

    The RISC-V Foundation says that no currently announced RISC-V CPU is vulnerable to Meltdown and Spectre and, in the wake of those bugs, stressed the importance of open-source development and a modern ISA in preventing vulnerabilities.

    In consumer computing, we usually only hear about two instruction set architectures (ISA): x86 and ARM. Classified as a complex instruction set, x86 dominates the desktop and server space. Since the rise of smartphones, however, reduced-instruction-set (RISC) ARM processors have dominated the mobile computing market. Beyond x86, there aren’t many complex instruction sets still in use, but there are still many relevant RISC designs despite ARM’s seeming ubiquity.

    The lesser known RISC-V ISA is among those being developed to take on ARM. It was created in the University of California, Berkeley and is unique because it’s open-source. The ISA is actively being worked on and is now overseen by the RISC-V Foundation, which includes companies such as AMD, Nvidia, Micron, Qualcomm, and Microsoft. An ISA alone doesn’t define a CPU design, though. RISC-V being open-source means that anyone is free to build their own CPU to implement the ISA, or their own compiler to build software that can run on RISC-V CPUs.

  • WHY RASPBERRY PI ISN’T VULNERABLE TO SPECTRE OR MELTDOWN

    Over the last couple of days, there has been a lot of discussion about a pair of security vulnerabilities nicknamed Spectre and Meltdown. These affect all modern Intel processors, and (in the case of Spectre) many AMD processors and ARM cores. Spectre allows an attacker to bypass software checks to read data from arbitrary locations in the current address space; Meltdown allows an attacker to read data from arbitrary locations in the operating system kernel’s address space (which should normally be inaccessible to user programs).

    Both vulnerabilities exploit performance features (caching and speculative execution) common to many modern processors to leak data via a so-called side-channel attack. Happily, the Raspberry Pi isn’t susceptible to these vulnerabilities, because of the particular ARM cores that we use.

    To help us understand why, here’s a little primer on so

Catalog of Linux Devices

Filed under
Linux
Hardware
  • January 2018 catalog of hacker-friendly SBCs

    This catalog accompanies our January 2018 round-up of hacker-friendly SBCs. Here, we provide brief descriptions, specs, pricing, and links to further details for all 103 SBCs.

    Our January 2018 hacker-friendly single board computer round-up comprises three resources: an overview of recent SBC market trends; this catalog, which provides descriptions, specs, pricing, and links to related LinuxGizmos coverage and supplier product pages for all 103 SBCs; and a Google docs spreadsheet that tabulates the key features and pricing for all 103 boards. Links to all three parts of our round-up are in the box below.

  • Ringing in 2018 with 103 hacker-friendly SBCs

    Welcome to our latest biannual round-up of hacker-friendly single board computers that run Linux or Android. Included are a brief review of recent SBC market trends, a catalog with key features, specs, and pricing of each SBC, and a table comparing them all.

    Relative to our June report, which was accompanied by a reader survey co-sponsored with Linux.com, our latest hacker-friendly single board computer (SBC) round-up has grown from 98 to 103 boards. Although there’s no survey here, we invite your comments in the discussion area at the bottom of this post.

    There are three parts to this round-up: this post, which provides an overview of recent SBC market trends and discusses our latest crop of hacker-friendly SBCs in general terms; a catalog post with brief descriptions, specs, pricing, and links to related LinuxGizmos coverage and supplier product pages for all 103 SBCs; and a Google docs spreadsheet that tabulates key features and pricing for all 103 boards. Links to each are in the box below.

Hardware Security Fiasco: The Latest

Filed under
Hardware
Security
  • Windows 10 Cumulative Update KB4056892 (Meltdown & Spectre Fix) Fails to Install

    Microsoft rolled out Windows 10 cumulative update KB4056892 yesterday as an emergency patch for systems running the Fall Creators Update in an attempt to fix the Meltdown and Spectre bugs affecting Intel, AMD, and ARM processors manufactured in the last two decades.

    But as it turns out, instead of fixing the two security vulnerabilities on some computers, the cumulative update actually breaks them down, with several users complaining that their systems were rendered useless after attempting to install KB4056892.

    Our readers pointed me to three different Microsoft Community threads (1, 2, 3) where users reported cumulative update KB4056892 issues, and in every case the problem appears to be exactly the same: AMD systems end up with a boot error before trying a rollback and failing with error 0x800f0845.

  • Linus Torvalds says Intel needs to admit it has issues with CPUs

    Linux creator Linus Torvalds has had some harsh words for Intel in the course of a discussion about patches for two [sic] bugs that were found to affect most of the company's processors.

  • We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare

    In the wake of The Register's report on Tuesday about the vulnerabilities affecting Intel chips, Chipzilla on Wednesday issued a press release to address the problems disclosed by Google's security researchers that afternoon.

    To help put Intel's claims into context, we've annotated the text. Bold is Intel's spin.

  • When F00F bug hit 20 years ago, Intel reacted the same way

    A little more than 20 years ago, Intel faced a problem with its processors, though it was not as big an issue as compared to the speculative execution bugs that were revealed this week.

  • Meltdown, Spectre and the Future of Secure Hardware

    Meltdown and Spectre are two different—but equally nasty—exploits in hardware. They are local, read-only exploits not known to corrupt, delete, nor modify data. For local single user laptops, such as Librem laptops, this is not as large of a threat as on shared servers—where a user on one virtual machine could access another user’s data on a separate virtual machine.

    As we have stated numerous times, security is a game of depth. To exploit any given layer, you go to a lower layer and you have access to everything higher in the stack.

  • KPTI — the new kernel feature to mitigate “meltdown”
  • Astounding coincidence: Intel's CEO liquidated all the stock he was legally permitted to sell after learning of catastrophic processor flaws
  • Intel CEO sold all the stock he could after Intel learned of security bug

     

    While an Intel spokesperson told CBS Marketwatch reporter Jeremy Owens that the trades were "unrelated" to the security revelations, and Intel financial filings showed that the stock sales were previously scheduled, Krzanich scheduled those sales on October 30. That's a full five months after researchers informed Intel of the vulnerabilities. And Intel has offered no further explanation of why Krzanich abruptly sold off all the stock he was permitted to.

Meltdown/Spectre 'Damage Control'

Filed under
Hardware
Security
  • Meltdown and Spectre: ‘worst ever’ CPU bugs affect virtually all computers
  • Massive Intel Chip Security Flaw Threatens Computers

    A design flaw in all Intel chips produced in the last decade is responsible for a vulnerability that puts Linux, Windows and macOS-powered computers at risk, according to multiple press reports. The flaw reportedly is in the kernel that controls the chip performance, allowing commonly used programs to access the contents and layout of a computer's protected kernel memory areas. The Linux kernel community, Microsoft and Apple have been working on patches to their operating systems to prevent the vulnerability.

  • What Linux Users Must Know About Meltdown and Spectre Bugs Impacting CPUs

    While these bugs impact a huge number of devices, there has been no widespread attacks so far. This is because it’s not straightforward to get the sensitive data from the kernel memory. It’s a possibility but not a certainty. So you should not start panicking just yet.

  • Loose threads about Spectre mitigation

    KPTI patches are out from most vendors now. If you haven't applied them yet, you should; even my phone updated today (the benefits of running a Nexus phone, I guess). This makes Meltdown essentially like any other localroot security hole (ie., easy to mitigate if you just update, although of course a lot won't do that), except for the annoying slowdown of some workloads. Sorry, that's life.

    Spectre is more difficult. There are two variants; one abuses indirect jumps and one normal branches. There's no good mitigation for the last one that I know of at this point, so I won't talk about it, but it's also probably the hardest to pull off. But the indirect one is more interesting, as there are mitigations popping up. Here's my understanding of the situation, based on random browsing of LKML (anything in here may be wrong, so draw your own conclusions at the end):

    Intel has issued microcode patches that they claim will make most of their newer CPUs (90% of the ones shipped in the last years) “immune from Spectre and Meltdown”. The cornerstone seems to be a new feature called IBRS, which allows you to flush the branch predictor or possibly turn it off entirely (it's not entirely clear to me which one it is). There's also something called IBPB (indirect branch prediction barrier), which seems to be most useful for AMD processors (which don't support IBRS at the moment, except some do sort-of anyway, and also Intel supports it), and it works somewhat differently from IBRS, so I don't know much about it.

  • The disclosure on the processor bugs

    The rumored bugs in Intel (and beyond) processors have now been disclosed: they are called Meltdown and Spectre, and have the requisite cute logos. Stay tuned for more.

    See also: this Project Zero blog post. "Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, we have exploits that work against real software. We reported this issue to Intel, AMD and ARM on 2017-06-01."

    See also: this Google blog posting on how it affects users of Google products in particular. "[Android] devices with the latest security update are protected. Furthermore, we are unaware of any successful reproduction of this vulnerability that would allow unauthorized information disclosure on ARM-based Android devices. Supported Nexus and Pixel devices with the latest security update are protected."

  • How the Meltdown Vulnerability Fix Was Invented

    A major security flaw has surfaced that’s thought to affect all Intel microprocessors since at least 2011, some ARM processors and, according to Intel, perhaps those of others. Unusually, the exploit, called Meltdown, takes advantage of the processors’ hardware rather than a software flaw, so it circumvents security schemes built into major operating systems.

  • Why Intel x86 must die: Our cloud-centric future depends on open source chips

    Two highly publicized security flaws in the Intel x86 chip architecture have now emerged. They appear to affect other microprocessors made by AMD and designs licensed by ARM.

    And they may be some of the worst computer bugs in history -- if not the worst -- because they exist in hardware, not software, and in systems that number in the billions.

    These flaws, known as Meltdown and Spectre, are real doozies. They are so serious and far-reaching that the only potential fix in the immediate future is a software workaround that, when implemented, may slow down certain types of workloads as much as 30 percent.

  • Intel Acknowledges Chip-Level Security Vulnerability In Processors

    Security researchers have found serious vulnerabilities in chips made by Intel and other companies that, if exploited, could leave passwords and other sensitive data exposed.

  • ​How Linux is dealing with Meltdown and Spectre

    He's not the only one unhappy with Intel. A Linux security expert is irked at both Google and Intel. He told me that Google Project Zero informed Intel about the security problems in April. But neither Google nor Intel bothered to tell the operating system vendors until months later. In addition, word began to leak out about the patches for these problems. This forced Apple, the Linux developers, and Microsoft to scramble to deliver patches to fundamental CPU security problems.

    The result has been fixes that degrade system performance in many instances. While we don't know yet how badly macOS and Windows will be affected, Michael Larabel, a Linux performance expert and founder of the Linux Phoronix website, has ran benchmarks on Linux 4.15-rc6, a Linux 4.15 release candidate, which includes Kernel Page Table Isolation (KPTI) for Intel's Meltdown flaw.

  • [Fedora] Protect your Fedora system against Meltdown

    You may have heard about Meltdown, an exploit that can be used against modern processors (CPUs) to maliciously gain access to sensitive data in memory. This vulnerability is serious, and can expose your secret data such as passwords. Here’s how to protect your Fedora system against the attack.

  • Today's CPU vulnerability: what you need to know

    The Project Zero researcher, Jann Horn, demonstrated that malicious actors could take advantage of speculative execution to read system memory that should have been inaccessible. For example, an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications. Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.

  • Apple says Spectre and Meltdown vulnerabilities affect all Mac and iOS devices

    Technology companies are working to protect their customers after researchers revealed that major security flaws affecting nearly every modern computer processor could allow hackers to steal stored data — including passwords and other sensitive information — on desktops, laptops, mobile phones and cloud networks around the globe.

    The scramble to harden a broad array of devices comes after researchers found two significant vulnerabilities within modern computing hardware, one of which cannot be fully resolved as of yet. Experts say the disclosure of the critical flaws underscores the need to keep up with software updates and security patches and highlights the role independent research plays in prodding tech companies to minimize security weaknesses.

  • Intel CEO Sold $24 Million In Stocks After Google Exposed 10 Year Old Vulnerabilities

    In the month of November last year, Intel CEO Brian Krzanich sold off a big chunk of his company stocks worth $24 million (245,743 shares). The stocks were valued at $11 million back then. Now, the CEO is left with just 250,000 shares which fulfill the minimum requirement to continue his job.

  • “Meltdown” And “Spectre” Flaws: Affecting Almost All Devices With Intel, AMD, & ARM CPUs

    Just yesterday, a report from The Register disclosed a massive security screwup on behalf of Intel, which impacted nearly all chips manufactured in the past ten years. It was also reported that future patches released by the developers of Windows and Linux kernel could reduce the performance of devices up to 5-30%. That’s a lot.

  • Security updates for Thursday

    As might be guessed, a fair number of these updates are for the kernel and microcode changes to mitigate Meltdown and Spectre. More undoubtedly coming over the next weeks.

  • A collection of Meltdown/Spectre postings
  • Mitigations landing for new class of timing attack

    Several recently-published research articles have demonstrated a new class of timing attacks (Meltdown and Spectre) that work on modern CPUs. Our internal experiments confirm that it is possible to use similar techniques from Web content to read private information between different origins. The full extent of this class of attack is still under investigation and we are working with security researchers and other browser vendors to fully understand the threat and fixes. Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. This includes both explicit sources, like performance.now(), and implicit sources that allow building high-resolution timers, viz., SharedArrayBuffer.

  • Is PowerPC susceptible to Spectre? Yep.

    Meltdown is specific to x86 processors made by Intel; it does not appear to affect AMD. But virtually every CPU going back decades that has a feature called speculative execution is vulnerable to a variety of the Spectre attack. In short, for those processors that execute "future" code downstream in anticipation of what the results of certain branching operations will be, Spectre exploits the timing differences that occur when certain kinds of speculatively executed code changes what's in the processor cache. The attacker may not be able to read the memory directly, but (s)he can find out if it's in the cache by looking at those differences (in broad strokes, stuff in the cache is accessed more quickly), and/or exploit those timing changes as a way of signaling the attacking software with the actual data itself. Although only certain kinds of code can be vulnerable to this technique, an attacker could trick the processor into mistakenly speculatively executing code it wouldn't ordinarily run. These side effects are intrinsic to the processor's internal implementation of this feature, though it is made easier if you have the source code of the victim process, which is increasingly common.

Latest on Hardware Catastrophe

Filed under
Hardware
Security

Librem Tablet In 2018

Filed under
GNU
Linux
Hardware
  • Purism Planning To Release Their Librem Tablet In 2018

    Not only is Purism working on their Librem 5 smartphone this year with hopes of still readying the software and hardware for shipping to consumers in 2019, but they are also planning to unveil their tablet this year.

    Todd Weaver, the founder and CEO of Purism, posted today about the company's goals for 2018. Besides releasing the development board for the Librem 5 phone this year and working on other efforts for their smartphone plans, they are also planning to "release the much-anticipated Librem tablet."

  • Happy New Year! Purism Goals for 2018

    Purism has some lofty goals that seem more attainable with each advancement that we make. Our pace for these achievements is already impressive, and we plan on maintaining and exceeding that pace in 2018.

​Major Linux redesign in the works to deal with Intel security flaw

Filed under
Linux
Hardware
Security

Long ago, Intel made a design mistake in its 64-bit chips -- and now, all Intel-based operating systems and their users must pay the price.

Linux's developers saw this coming early on and patched Linux to deal with it. That's the good news. The bad news is it will cause at least a 5-percent performance drop. Applications may see far more serious performance hits. The popular PostgreSQL database is estimated to see at least a 17-percent slowdown.

How bad will it really be? I asked Linux's creator Linus Torvalds, who said: "There's no one number. It will depend on your hardware and on your load. I think 5 percent for a load with a noticeable kernel component (e.g. a database) is roughly in the right ballpark. But if you do micro-benchmarks that really try to stress it, you might see double-digit performance degradation."

Read more

Phoronix on Impact of Colossal x86 Bug

Filed under
Hardware
Security
  • Further Analyzing The Intel CPU "x86 PTI Issue" On More Systems

    Yesterday I posted the first benchmarks of the performance impact of these x86 PTI security changes that landed in the Linux 4.15 kernel just days ago. As outlined in that article, most of the slowdowns attributed to the page table isolation come down to slower I/O but not universally as it largely depends upon the I/O workload as well as the speed of the actual storage device. In most desktop-ish workloads, the impact of enabling x86 PTI is much less like with not seeing much of a change for gaming.

  • Linux Will End Up Disabling x86 PTI For AMD Processors

    While at the moment with the mainline Linux kernel Git tree AMD CPUs enable x86 PTI and are treated as "insecure" CPUs, the AMD patch for not setting X86_BUG_CPU_INSECURE will end up being honored.

    The patch covered in the aforelinked article has not been merged through to Linus Torvalds' Git tree. Instead, as of a short time ago, is now living within the tip/tip.git tree. In there is also defaulting PAGE_TABLE_ISOLATION to on and other recent fixes around x86 Page Table Isolation (PTI) support.

Syndicate content

More in Tux Machines

Android Leftovers

Graphics: XWayland and Mesa

  • XWayland Gets Patches For Better EGLStreams Handling
    While the recently released X.Org Server 1.20 has initial support for XWayland with EGLStreams so X11 applications/games on Wayland can still benefit from hardware acceleration, in its current state it doesn't integrate too well with Wayland desktop compositors wishing to support it. That's changing with a new patch series.
  • Intel Mesa Driver Finally Supports Threaded OpenGL
    Based off the Gallium3D "mesa_glthread" work for threaded OpenGL that can provide a measurable win in some scenarios, the Intel i965 Mesa driver has implemented this support now too. Following the work squared away last year led in the RadeonSI driver, the Intel i965 OpenGL driver supports threaded OpenGL when the mesa_glthread=true environment variable is set.
  • Geometry & Tessellation Shaders For Mesa's OpenGL Compatibility Context
    With the recent Mesa 18.1 release there is OpenGL 3.1 support with the ARB_compatibility context for the key Gallium3D drivers, but Marek Olšák at AMD continues working on extending that functionality under the OpenGL compatibility context mode.
  • Mesa Begins Its Transition To Gitlab
    Following the news from earlier this month that FreeDesktop.org would move its infrastructure to Gitlab, the Mesa3D project has begun the process of adopting this Git-centered software.

Welcome to Ubuntu 18.04: Make yourself at GNOME. Cup of data-slurping dispute, anyone?

Comment Ubuntu 18.04, launched last month, included a new Welcome application that runs the first time you boot into your new install. The Welcome app does several things, including offering to opt you out of Canonical's new data collection tool. The tool also provides a quick overview of the new GNOME interface, and offers to set up Livepatch (for kernel patching without a reboot). In my review I called the opt-out a ham-fisted decision, but did note that if Canonical wanted to actually gather data, opt-out was probably the best choice. Read more

How CERN Is Using Linux and Open Source

CERN really needs no introduction. Among other things, the European Organization for Nuclear Research created the World Wide Web and the Large Hadron Collider (LHC), the world’s largest particle accelerator, which was used in discovery of the Higgs boson. Tim Bell, who is responsible for the organization’s IT Operating Systems and Infrastructure group, says the goal of his team is “to provide the compute facility for 13,000 physicists around the world to analyze those collisions, understand what the universe is made of and how it works.” Read more