Intel’s TSX development grinds to halt

A bug in Intel’s Haswell CPU core TSX instructions has stopped developers from using the chip function, according to Tech Report.

The TSX instructions promise to make certain types of multithreaded applications run much faster than they can today.

But that work may stop because Haswell’s TSX implementation has bugs that can cause critical software failures.

Intel revealed the news of the bug to a group of hacks during briefings in Portland last week. The TSX problem was apparently discovered by a software developer outside of Intel and it is a cock up of huge proportions.  Bugs of this size aren’t often discovered this late in the life of a CPU core.

Intel has disabled the TSX instructions in current products using a CPU microcode update delivered via new revisions of motherboard firmware.

While disabling TSX should ensure stable operation for Haswell CPUs, it does mean that those chips will no longer be capable of supporting TSX’s features, including hardware lock elision and restricted transactional memory.

Any software developer who does want to work with TSX will have to avoid updating their systems to newer firmware revisions and accept the risk of TSX-related memory corruption or crashes.

The bug was discovered too late to be fixed in the first revision of Intel’s upcoming Broadwell Y-series chips and will not be part of the Core M-based tablets to be released later this year. First production Broadwell chips will also have TSX disabled via microcode.

Intel said that it will have a fix for Broadwell’s next incarnation. Given that most Haswell and all Broadwell systems affected are shipping in consumer-class systems, the impact of this TSX snafu should be small. TSX is mostly for server-class applications. Intel’s server-class Xeon lineup relies on the older Ivy Bridge core, which lacks TSX.

Intel talks about Core-M

Intel has finally spilled the beans on the chip it hopes will start to make an impact on the tablet market.

Broadwell-based processors will carry the brand name, Core M, and they will target tablets that are less than nine millimeters thick and need no fans.

If it all works, it means that tablets will finally get a PC-class processor. If it fails, then mobile users will have a hot melted ball of plastic in their laps.

For those who came in late, Broadwell uses Chipzilla’s 14-nm manufacturing process. Getting the secret sauce right has been tricky; Broadwell has been delayed several times due to some teething problems with this new process.

Intel claims it has got the process right and is now ready for volume production.

Intel VP and Director of 14-nm Technology Development Sanjay Natarajan provided Tech Report with some details about Broadwell.

Most importantly, he said that the new 14-nm process provides true scaling from the prior 22-nm node, with virtually all of the traditional benefits of Moore’s Law intact. So rather than giving up on Moore’s Law, Chipzilla is doing its best to prop it up.

This 14-nm process uses second generation tri-gate transistors or FinFETs. This actually puts Intel well ahead of rivals which have not even come up with first-generation FinFET silicon.

Looking at the fins comprising Intel’s tri-gate transistors, they appear to have become closer together at the 14-nm node, with something called the fin pitch reduced from 60 to 42 nm. The fins themselves have grown taller and thinner. This improves density, while the new fin structure allows for increased drive current and thus better performance. It all means that Intel can use fewer fins for some on-chip structures, further increasing the effective density of the process. Fewer fins means the chips are more power efficient.

The gate pitch has been reduced from 90 to 70 nm and, as shown above, the spacing of the smallest interconnects has dropped even more dramatically, from 80 to 52 nm.

Natarajan said the new chip can flip bits at higher speeds than prior generations while losing less power in the form of leakage along the way.

What he suggests also is that Intel will eventually have to move beyond Moore’s Law if it is going to evolve. The reason is not the technology, but the cost of following Moore’s Law.

Chipmakers have had to use ever more exotic techniques like double-patterning—creating two separate masks for photolithography and exposing them at a slight offset—in order to achieve higher densities. Doing so increases costs.

If moving to finer process nodes cannot reduce the cost per transistor, the march of ever-more-complex microelectronics could slow down. Some chipmakers have hinted that we will be approaching that point very soon.

Intel claims that so far there is no problem and the math continues to work well. Currently there is a steady decrease in cost per transistor through the 14-nm node and this should flow into the 10-nm process.

Broadwell’s CPU cores have received a number of tweaks over Haswell’s, which Intel claims have increased instruction throughput per clock by about five percent. In keeping with Broadwell’s mobile focus, Intel’s architects set a high standard for any added features in this revision of the architecture. Now a new feature must contribute two per cent more performance for every per cent of added power use. In the good old days a 1:1 ratio was considered great.

Intel has done a fair bit on the graphics too. Broadwell-Y’s IGP has an increased number of modular “slices” of graphics resources: there are three versus two in Haswell. Each slice has its own L1 cache, texture cache, and texture sampling/filtering hardware.

All this means is that Broadwell’s display block can drive 4K displays and can use fixed-function hardware in conjunction with the graphics EUs to process H.265 video. This means that H.265 decoding on Broadwell-Y is “fast enough for 4K” and the chip can handle 4K resolutions at 30 Hz.

Xiaomi says sorry for spying

Cheap-as-chips smartphone maker Xiaomi has said sorry for spying on its users’ address books.

The outfit said it has upgraded its operating system to ensure users knew it was collecting data from their address books.

Security firm F-Secure Oyj said the Chinese budget smartphone maker was taking personal data without permission.

Xiaomi said it was a terrible mistake and it had fixed a loophole in its cloud messaging system that had triggered the unauthorized data transfer and that the operating system upgrade had been rolled out on Sunday.

Part of the problem was that Xiaomi lets users avoid SMS charges by routing messages over the Internet rather than through a carrier’s network. The way this is set up is similar to the system that got Apple into such hot water.

In a lengthy blogpost on Google Plus, Xiaomi Vice President Hugo Barra said sorry for the unauthorised data collection and said the company only collects phone numbers in users’ address books to see if the users are online.

He said the smartphone’s messaging system would now only activate on an “opt-in” basis and that any phone numbers sent back to Xiaomi servers would be encrypted and not stored.

Apple changed its iPhone operating system so that app developers would have to ask explicitly for permission before accessing address book data.

US Patent Office is lazy

The US Patent Office has found out that one of the reasons why so many obvious patents are awarded to trolls might be because the US Patent Office is jolly lazy.

Following several whistleblower complaints, the US Patent and Trademark Office began an internal investigation two years ago into a programme which allowed employees to work from home.

Some of the 8,300 patent examiners, about half of whom work from home full time, lied about hours they were putting in and received bonuses for work they didn’t do. While supervisors knew what they were doing, top agency officials blocked their efforts.

Effectively examiners could do what they liked, when they liked, and charge what they liked and do basically nothing.

To make matters worse, when it came time last summer for the patent office to turn over the findings to its outside watchdog, the most damaging revelations had “disappeared.”

The final report sent to Commerce Department Inspector General Todd Zinser concluded that it was impossible to know if the whistle-blowers’ allegations of systemic abuses were true. This was different from the original USPTO report, which described systematic abuse of the system.

The agency’s army of examiners and other officials has been falling behind, with a backlog of patent applications swelling to more than 600,000 and estimated waiting times of more than five years.

Chief communications officer Todd Elmer called the original report a “rough draft for discussion purposes” that was an “initial attempt to describe the full investigation record”.

We guess he means that the first report got his department into so much trouble it was better to prepare a report that said there were no problems here and no one would have to be fired.

Elmer said that the original report was looked at by a lawyer who said that most of the allegations were unproved so they had to be ignored. This is a little odd because both versions of the report were written by chief administrative officer Frederick Steckler.

Our guess is that the US Patent Office will be providing material for trolls for many years at this rate.

Apple makes more tablets

Despite losing ground to more reasonably priced tablets, the fruity cargo cult is bashing out some more.

According to Bloomberg, Apple’s suppliers have begun manufacturing new iPad tablets in a desperate bid to revive flagging sales.

Apple has seen growth plummet from 2012, as larger phones became more popular and people delayed replacing their tablets.

Bloomberg said that mass production of the iPad with a 9.7-inch (24.6-cm) screen has already started, and it is likely to be unveiled by the end of current quarter or early next quarter.

A new version of the 7.9-inch iPad mini is also entering production and is likely to be available by the end of the year, Bloomberg said.

Even if the tablets don’t make any impact on the consumer market, Apple must be hoping that its partnership with IBM might net a few more sales by entering into a largely untapped corporate market.

That is if IBM can convince corporations that they really want less secure Apple gear on networks which are mostly based around Microsoft.

Apple shipped 13.2 million iPads in the June quarter, 8 percent less than a year earlier. Sales of the devices, which accounted for 15 percent of Jobs’ Mob’s revenue, fell short of Wall Street’s expectations for the second quarter in a row.

McDonald’s takes control of lost satellite

An independent team of boffins, working from an abandoned McDonald’s, is taking control of a NASA satellite and running a crowdfunded mission. The entire project uses old radio parts from eBay and a salvaged flat screen TV.

The ISEE-3 is a disco-era satellite that used to measure space weather like solar wind and radiation, but went out of commission decades ago.

Now, a small team led by former NASA employee Keith Cowing has taken control of the satellite with NASA’s blessing.

The satellite’s battery has been dead for over 20 years, but it had solar panels to power 98 percent of the satellite’s full capabilities. When it was working it ran missions around the Moon and Earth, and flew through the tail of a comet.

Everyone knew it would come back in 2014, but NASA was not sure it was a project worth rescuing.

Since the satellite went offline, the team had retired, the documentation was lost and the equipment became outdated.

A crowdfunding campaign raised $160,000 to get the satellite back into service.

At the outset of the crowdfunding campaign, they brought the idea to NASA, but there was no precedent on which to base an agreement. No external organization has ever taken command of a spacecraft, but NASA didn’t want to say no, so they asked the team if they needed any help.

Their new control centre has been dubbed “McMoon’s.” For their console, they pulled a broken flatscreen TV from a government dumpster and fixed the power supply. The other pieces are from eBay, including a Mac laptop and some radio parts.

With just those bare-bones pieces, they were able to MacGyver a computer-radio hybrid that made contact with the ISEE-3.

Once they were able to communicate with the satellite, they established a new orbit around the Sun, slightly larger than the Earth’s orbit. This will allow more testing. It will be providing solar weather data and then open sourcing it.

Google has been helping the team build a site that will open up the data to the world. Everything coming from the satellite will be available in different formats and packages so that anyone can get it.

Microsoft’s bottom line stripped

Microsoft is being seriously spanked by people buying naked PCs and installing pirated versions of its operating system, particularly in China.

Vole said that too few people in emerging markets are willing to pay for legitimate copies and this is holding back the spread of its newest Windows 8 version.

Ironically, analysts say even buyers of pirate software prefer older versions, and more than 90 percent of PCs in China are running pre-8 versions of Windows.

Microsoft is trying to tackle the problem by offering Windows 8 at a discount to PC manufacturers who install its Bing search engine as the default. And it’s giving away versions of Windows 8 for phones and some tablets.

However, Reuters thinks that masks the fact that Redmond never really worked out how to get people in emerging markets to pay for its software.

In 2011, then CEO Steve Ballmer told employees that, because of piracy, Microsoft earned less revenue in China than in the Netherlands even though China bought as many computers as the United States.

This hurts Microsoft because 56 percent of its global revenue and 78 percent of operating profit came from Windows and Office.

In China, PC makers working on wafer-thin margins see the operating system as one of the costliest parts of the machine.

The result is that up to 60 percent of PCs shipped in the emerging markets of Asia have no Windows operating system pre-installed and carry some free, open source operating system like Linux. However, once the owners get them home they just download a hot copy of Windows and Office.

Some Chinese retailers even offer “bundles” of pirated copies of Microsoft software alongside the main sale.

Microsoft has had a job getting respected firms like Lenovo to stop shipping naked PCs, but the Chinese firm countered that its margins were too low. China announced a new law requiring PCs to be shipped with operating systems. That merely dented piracy rates, which fell to 79 percent in 2009 from 92 percent in 2004.

Lenovo reached an agreement with Microsoft in June to ensure that Lenovo PCs sold in China would come pre-installed with a genuine Windows operating system.

The way Microsoft has done this is to push the price of Windows low enough to make it worth a PC maker’s while. The cost of a Windows license has fallen to below $50 from as high as $150. So far it is not clear if that has worked.

NSA makes many become one

Boffins at Carnegie Mellon University, sponsored by the US’s number one spying outfit, have come up with a programming Esperanto which unites all different programming languages under a single umbrella.

Any excitement about the development is tempered by the suspicion that, since it is funded by the NSA, it will be full of backdoors which can harvest personal details on behalf of the US government, but you can still admire the technology.

Dubbed Wyvern, after a mythical dragon-like thing that only has two legs instead of four, it helps programmers design apps and websites without having to rely on a whole bunch of different stylesheets and different amalgamations spread across different files.

Jonathan Aldrich, the researcher developing the language, wrote in his blog that Web applications are written as a poorly-coordinated mishmash of artifacts written in different languages, file formats, and technologies. For example, a web application may consist of JavaScript code on the client, HTML for structure, CSS for presentation, XML for AJAX-style communication, and a mixture of Java, plain text configuration files, and database software on the server.

“This diversity increases the cost of developers learning these technologies. It also means that ensuring system-wide safety and security properties in this setting is difficult,” he said.

This creates security problems, which was why the NSA was interested. After all, it has to protect its own systems from hackers.

Wyvern can automatically tell what language a person is programming in, based solely on the type of data that’s being manipulated. That means that if the language detects you are editing a database, for instance, it’ll automatically assume you’re using SQL. The language is still a prototype and is all open saucy.

Megacorps get the hard word

A settlement between Apple, three other IT outfits and their employees has been rejected by a judge saying it was too low given the strength of the case against the employers.

Apple, Google, Intel and Adobe failed to persuade US District Judge Lucy Koh to sign off on a $324.5 million settlement to resolve a lawsuit by tech workers, who accused the firms of conspiring to avoid poaching each other’s employees.

Koh, in San Jose, California, wrote that there was “substantial and compelling evidence” that Apple Messiah founder Steve Jobs “was a, if not the, central figure in the alleged conspiracy.”

In their 2011 lawsuit, the tech employees said the conspiracy had limited their job mobility and, as a result, kept a lid on salaries. The case has been closely watched because of the possibility of big damages being awarded and for the opportunity to peek into the world of some of America’s elite tech outfits.

The whole case was based largely on emails in which Jobs and Google’s Eric Schmidt hatched plans to avoid poaching each other’s prized engineers.

In rejecting the settlement, Koh referred to one email exchange which occurred after a Google recruiter solicited an Apple employee. Schmidt told Jobs that the recruiter would be fired. Jobs then forwarded Schmidt’s note to a top Apple human resources executive with a smiley face.

The four companies agreed to settle with the workers in April shortly before trial. The plaintiffs had planned to ask for about $3 billion in damages at trial, which could have tripled to $9 billion under antitrust law.

The plaintiffs are worried because workers faced serious risks on appeal had the case gone forward.

But Koh repeatedly referred to a related settlement last year involving Disney and Intuit. Apple and Google workers got proportionally less in the latest deal compared to the one involving Disney under the settlement.

To match the earlier settlement, the latest deal “would need to total at least $380 million,” Koh wrote.

A further hearing in the case is scheduled for September 10.

For all wi-fi needs — ask the cat

A US bloke has catapulted into five minutes of fame in the silly season by wiring his grannie’s cat up to sniff out wi-fi networks in his neighbourhood.

Security researcher Gene Bransfield seized his nan’s moggie Coco and stuffed his collar with a Spark chip, a Wi-Fi module, a GPS module, and a battery. Bransfield reasoned that Coco would visit most places in the area and he could use the moggie to sniff out networking catastrophes such as unsecured, or at least poorly secured, wireless access points. These were then categorised by Bransfield as good, bad or cataclysmic.

Coco sniffed out dozens of wi-fi networks, with four of them using easily broken WEP security, and another four that had no security at all.

Bransfield dubbed the whole method “WarKitteh”, which is sort of a mixture of wardriving and lolcat, and apparently you can convert your moggie to something more useful for only $100.

Of course, everyone knows that cats are evil and only get away with it because they purr and are so so soft and any network work is bound to be part of some devilish plot. “WarKitteh” allows a hacker to send their moggie out with the same collar, identify open Wi-Fi connections, hack them and use them to do evil hacker sorts of things.

Cats are a notoriously unreliable network tool. They may spend 23 hours catatonic and then, when they finally move, will go nowhere near anyone’s wi-fi for days.

NSA proof phone rooted in five minutes

The ultra secure “NSA-Proof” Blackphone was hacked inside five minutes during a Black Hat hacking conference.

@TeamAndIRC rooted the device without needing to unlock the bootloader and turned on ADB on the device. The vulnerability that allowed this to happen is now semi-fixed, and exploiting the weakness requires the user to take action.

Blackphone was made by Silent Circle and Geeksphone, and it is designed to provide a suite of secure services running on a fork of the Android Open Source Project (AOSP). Called PrivatOS, it is meant to provide a consumer level access to secure options that protect personal data from being leaked to third parties.

It was dubbed “NSA proof” by her Majesty’s loyal press, mostly as what passes for humour in such circles, because it came out after the Snowden affair.

Still, it’s ironic that yet again even the most secure of Android phones are susceptible to the weaknesses inherent to Android OS, which was never built with security in mind.

BlackBerry and Blackphone have been scrapping over which one is the most secure. BlackBerry sniffed that Blackphone was okay for the average Joe and plain Jane, but “unacceptable” for enterprise and pretty customers. The reason was that BlackBerry could protect the whole of the communication because it controlled the network, while the Blackphone could only look after the client end.

@TeamAndIRC assures everyone that it will be working out how to prove that BlackBerry is just as bad and will get onto it right now.

Shark hunter says Ellison needs a bigger boat

Top security analyst David Litchfield has returned to hunting holes in Oracle software, after a comparatively less daunting task of finding Great White Sharks, and he apparently found Larry Ellison’s team has not improved during his time off.

Litchfield retired a few years ago from his job of creating major headaches for Oracle and went scuba diving and looking for sharks. Apparently, the sharks gig was dull in comparison to his job hunting holes in Oracle software so he returned to dry land.

Litchfield has been looking at Ellison’s new data redaction service called the Oracle 12c. The service is designed to allow administrators to mask sensitive data, such as credit card numbers or health information, during certain operations.

However, Litchfield told the Black Hat USA conference that it is packed with trivially exploitable vulnerabilities.

If Oracle had followed any sort of software development life cycle instead of just paying lip service to it, every one of these flaws would have been caught. It is kindergarten stuff, he said.

Litchfield found several methods for bypassing the data redaction service and tricking the system into returning data that should be masked.

Litchfield said that it was so simple to hack the service he did not feel right calling them exploits.

He said Oracle was still not learning the lessons that people were learning in 2003. He said that in the space of a few minutes he could find a bunch of things that he could send to Oracle as exploitable.

The data redaction bypasses that Litchfield found have been patched, but he said he recently sent Oracle a critical flaw that enables a user to gain control of the database. That flaw is not patched yet but is coming.

Nanomagnets improve supercomputers

Nanomagnet computer chips appear to make supercomputers run more efficiently, according to researchers at the Technical University of Munich in Germany.

Irina Eichwald and her team of boffins have been using microchips made from tiny magnets rather than conventional power-hungry transistors, which may enable intensive number-crunching tasks.

On traditional silicon the bits of information, 0s and 1s, are represented by voltages across a transistor, each of which needs its own wire. Magnets can do the same job by switching their pole orientation: pointing north-south represents 1, say, and south-north is 0.

Eichwald found that flipping poles takes less energy than running current through a wire, so they need less power to run.

Nanomagnets have already been seen on microchips but have been placed only on a single layer because they need extra space to work properly.

Now Eichwald has worked out a way to rival the density of transistor-based designs and grown a chip which is 100 nanomagnets deep.

Her team made a logic gate from stacked arrays of nanomagnets. Instead of wires, a handful of magnets above the chip induced magnetic fields. The magnets then flip their orientation one after the other, like dominoes, to the magnet performing the actual operation. In a test, the magnetic chip used 1/35th of the power a transistor used.

“A huge number of computing processes can now be done simultaneously with very low power consumption as you don’t need the connecting wires transistors need. You only need to generate a magnetic field across the chip,” says Eichwald.

New Scientist (http://www.newscientist.com/article/mg22329812.800-magnets-join-race-to-replace-transistors-in-computers.html#.U-RmOPmSyUY) says that the technology is one of a few in the race to replace silicon.

Questions posed about mega-hack

Questions have been raised among the security community about a huge attack on US systems which is alleged to have stolen 1.2 billion user name and password combinations and more than 500 million email addresses.

The hack was discovered by an outfit called Hold Security and was claimed to include confidential material gathered from 420,000 websites, including household names, and small Internet sites.

Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems, so it should have been seen as a reliable source.

The company said the attack was found after more than seven months of research and was being carried out by a Russian cyber gang which is currently in possession of the largest cache of stolen data. While the gang did not have a name, we dubbed it “CyberVor”.

All cool stuff, but many of the comments about the hack online centre on the fact that Hold Security happens to offer a $120/month breach notification service so that people can find out if the hackers have their passwords on file.

Others have focused on the fact that Hold Security timed the announcement to fit with the Black Hat Security conference to spark a debate on password security.

PC World said there were unanswered questions about the hack.

Hold Security said the hacking group started out buying stolen credentials on the black market, then used those credentials to launch other attacks. However, it is unclear how many credentials they bought and how many of the 1.2 billion they culled themselves. In other words, this database, if it exists, could be full of ancient data.

It is also not clear if the passwords that are alleged to be stolen came from important financial sites or less important ones. It is also questionable what the hackers would do with those details.

If they are fresh credentials for important services like online banking, they are ripe to be used to siphon money from online accounts. If they are older or from little-used services, they might be used to send spam by email or post it in online forums.

Microsoft kills support for old IE

Software giant Microsoft has decided to pull the support plug on old versions of Internet Explorer.

Of course that is not what Microsoft said on its blog. It tells you that it is “prioritising helping users stay up-to-date with the latest version of Internet Explorer.”

Vole said that outdated browsers represent a major challenge in keeping the Web “egosystem” safer and more secure, as modern Web browsers have better security protection.

Internet Explorer 11 includes features like Enhanced Protected Mode to help keep customers safer. It should come as no surprise that the most recent, fully-patched version of Internet Explorer is more secure than older versions, Vole wrote.

To force the hand of users, from January 12, 2016, the following operating systems and browser version combinations will be supported:

Windows Platform | Internet Explorer Version
Windows Vista SP2 | Internet Explorer 9
Windows Server 2008 SP2 | Internet Explorer 9
Windows 7 SP1 | Internet Explorer 11
Windows Server 2008 R2 SP1 | Internet Explorer 11
Windows 8.1 | Internet Explorer 11
Windows Server 2012 | Internet Explorer 10
Windows Server 2012 R2 | Internet Explorer 11

After January 12, 2016, only the most recent version of Internet Explorer available for a supported operating system will receive technical support and security updates.

Customers using Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 on Windows 7 SP1 should migrate to Internet Explorer 11 to continue receiving security updates and technical support. For more details regarding support timelines on Windows and Windows Embedded, see the Microsoft Support Lifecycle site.

Vole said that it is introducing new features and resources to help customers upgrade and stay current on the latest browser.