Intel's latest patches "stomped out three high-severity vulnerabilities and five medium-severity flaws," reports Threatpost: One of the more serious vulnerabilities exist in the Intel Processor Identification Utility for Windows, free software that users can install on their Windows machines to identify the actual specification of their processors. The flaw (CVE-2019-11163) has a score of 8.2 out of 10 on the CVSS scale, making it high severity. It stems from insufficient access control in a hardware abstraction driver for the software, versions earlier than 6.1.0731. This glitch "may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access" according to Intel. Users are urged to update to version 6.1.0731.

Intel stomped out another high-severity vulnerability in its Computing Improvement Program, which is program that Intel users can opt into that uses information about participants' computer performance to make product improvement and detect issues. However, the program contains a flaw (CVE-2019-11162) in the hardware abstraction of the SEMA driver that could allow escalation of privilege, denial of service or information disclosure...

A final high-severity flaw was discovered in the system firmware of the Intel NUC (short for Next Unit of Computing), a mini-PC kit used for gaming, digital signage and more. The flaw (CVE-2019-11140) with a CVSS score of 7.5 out of 10, stems from insufficient session validation in system firmware of the NUC. This could enable a user to potentially enable escalation of privilege, denial of service and information disclosure. An exploit of the flaw would come with drawbacks -- a bad actor would need existing privileges and local access to the victim system.
The article notes that the patches "come on the heels of a new type of side-channel attack revealed last week impacting millions of newer Intel microprocessors manufactured after 2012."

A new Bluetooth vulnerability named "KNOB" has been disclosed that allow attackers to more easily brute force the encryption key used during pairing to monitor or manipulate the data transferred between two paired devices. From a report: In a coordinated disclosure between Center for IT-Security, Privacy and Accountability (CISPA), ICASI, and ICASI members such as Microsoft, Apple, Intel, Cisco, and Amazon, a new vulnerability called "KNOB" has been disclosed that affects Bluetooth BR/EDR devices, otherwise known as Bluetooth Classic, using specification versions 1.0 - 5.1. This flaw has been assigned CVE ID CVE-2019-9506 and allows an attacker to reduce the length of the encryption key used for establishing a connection. In some cases, an attacker could reduce the length of an encryption key to a single octet.

"The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used," stated an advisory on Bluetooth.com. "In addition, since not all Bluetooth specifications mandate a minimum encryption key length, it is possible that some vendors may have developed Bluetooth products where the length of the encryption key used on a BR/EDR connection could be set by an attacking device down to a single octet."

intensivevocoder writes: Owners of Microsoft's Surface Pro 6 and Surface Book 2 systems are finding themselves stuck at Pentium 2 speeds, as numerous user complaints indicate that the ultra-portables are throttling the processor down to 400 MHz, a state that -- in some instances -- persists across reboots. While similar issues with Surface devices have occurred in the past, reports of issues have increased in frequency following a firmware update for the Surface Pro 6.

The throttle-lock appears to be caused by an Intel CPU flag called BD PROCHOT (bi-directional processor hot), which can be set by any peripheral, telling the processor to throttle down in order to decrease system temperature -- a useful flag in cases where the CPU is operating within thermal limits, but other components tied to the CPU are running too hot, because of the demands placed on other components by processes on the CPU.

The headphone jack is increasingly being omitted from smartphones and tablets, but what about laptops? When Apple launched the redesigned MacBook Pro in 2016, it decided to remove the SD card slot, full-sized USB Type A ports, and Thunderbolt 2 ports -- but keep the 3.5mm headphone jack, even though it axed the headphone jack in the 2016 iPhone 7. The reason, Apple said, had to do with the lack of wireless solutions for pro audio gear that many users use with their MacBooks. "If it was just about headphones then it doesn't need to be there," said Apple marketing chief Phil Schiller. "We believe that wireless is a great solution for headphones." He added: "But many users have set-ups with studio monitors, amps and other pro audio gear that do not have wireless solutions and need the 3.5mm jack."

While most laptops today still retain the headphone jack, that trend doesn't seem like it'll last for too much longer as the industry moves to embrace wireless audio. Laptop alternatives like Apple's iPad Pro and Samsung's Galaxy Tab S5e have both ditched the 3.5mm port, meaning it's only a matter of time until laptops themselves lose the port. Our question to you is: do you use the headphone jack on your laptop? Would you mind if a manufacturer removed the port to make room for a bigger battery or make the device slimmer and more portable? Let us know your thoughts below.

America's Defense Department "is looking to build tools that can quickly detect deepfakes and other manipulated media amid the growing threat of 'large-scale, automated disinformation attacks,'" reports Nextgov: The Defense Advanced Research Projects Agency on Tuesday announced it would host a proposers day for an upcoming initiative focused on curbing the spread of malicious deepfakes, shockingly realistic but forged images, audio and videos generated by artificial intelligence. Under the Semantic Forensics program, or SemaFor, researchers aim to help computers use common sense and logical reasoning to detect manipulated media.

As global adversaries enhance their technological capabilities, deepfakes and other advanced disinformation tactics are becoming a top concern for the national security community... Industry has started developing tech that use statistical methods to determine if a video or image has been manipulated, but existing tools "are quickly becoming insufficient" as manipulation techniques continue to advance, according to DARPA. "Detection techniques that rely on statistical fingerprints can often be fooled with limited additional resources," officials said in a post on FedBizOpps...

Beyond simply detecting errors, officials also want the tools to attribute the media to different groups and determine whether the content was manipulated for nefarious purposes. Using that information, the tech would flag posts for human review. "A comprehensive suite of semantic inconsistency detectors would dramatically increase the burden on media falsifiers, requiring the creators of falsified media to get every semantic detail correct, while defenders only need to find one, or a very few, inconsistencies," DARPA officials said.

But that's easier said than done. Today, even the most advanced machine intelligence platforms have a tough time understanding the world beyond their training data.

Rob Enderle reports on the excitement at AMD's Epyc processor launch in San Francisco: I've been at a lot of AMD events, and up until this one, the general message was that AMD was almost as good as Intel but not as expensive. This year it is very different; Intel has stumbled badly, and AMD is moving to take the leadership role in the data center, so its message isn't that it is nearly as good but cheaper anymore; it is that it has better customer focus, better security and better performance. Intel's slip really was around trust, and as Intel seemed to abandon the processor segment, OEMs and customers lost faith, and AMD is capitalizing on that slip...

AMD has always been relatively conservative, but Lisa Su, AMD's CEO, stated that the company has broken 80 performance records and that this new processor is the highest-performing one in the segment. This is one thing Lisa's IBM training helps validate; I went through that training myself and, at IBM, you aren't allowed to make false claims. AMD isn't making a false claim here. The new Epyc 2 is 64 cores and 128 threads and with PCIe generation 4, it has 128 lanes on top its 7nm technology, which currently also appears to lead the market. Over the years the average performance for the data center chips, according to Su, has improved around 15% per year. The last generation of Epyc exceeded this when it launched, but just slightly. This new generation blows the curve out; instead of 15% year-over-year improvement, it is closer to 100%...

Intel has had a number of dire security problems that it didn't disclose in timely fashion, making their largest customers very nervous. AMD is going after this vulnerability aggressively and pointing to how they've uniquely hardened Epyc 2 so that customers that use it have few, if any, of the concerns they've had surrounding Intel parts. Part of this is jumping to more than 500 unique encryption keys tied to the platform.
Besides Google and Twitter, AMD's event also included announcements from Hewlett-Packard Enterprise, Dell, Cray, Lenovo, and Microsoft Azure. For example, Hewlett Packard Enterprise has three systems immediately available with AMD's new processor, the article reports, with plan to have 9 more within the next 12 months. And their CTO told the audience that their new systems have already broken 37 world performance records, and "attested to the fact that some of the most powerful supercomputers coming to market will use this processor, because it is higher performing," calling them the most secure in the industry and the highest-performing.

"AMD came to play in San Francisco this week," Enderle writes. "I've never seen it go after Intel this aggressively and, to be frank, this would have failed had it not been for the massive third-party advocacy behind Epyc 2. I've been in this business since the mid-'80s, and I've never seen this level of advocacy for a new processor ever before. And it was critical that AMD set this new bar; I guess this was an extra record they set, but AMD can legitimately argue that it is the new market leader, at least in terms of both raw and price performance, in the HPC in the server segment.

"I think this also showcases how badly Intel is bleeding support after abandoning the IDF (Intel Developer Forum) conference."

itwbennett writes: Researchers from security firm Bitdefender discovered and reported a year ago a new CPU vulnerability that 'abuses a system instruction called SWAPGS and can bypass mitigations put in place for previous speculative execution vulnerabilities like Spectre,' writes Lucian Constantin for CSO.

There are three attack scenarios involving SWAPGS, the most serious of which 'can allow attackers to leak the contents of arbitrary kernel memory addresses. This is similar to the impact of the Spectre vulnerability.' Microsoft released mitigations for the vulnerability in July's Patch Tuesday, although details were withheld until August 6 when Bitdefender released its whitepaper and Microsoft published a security advisory.

Advanced Micro Devices on Wednesday released the second generation of its processor chip for data centers and said that it had landed Alphabet's Google and Twitter as customers. From a report: AMD competes against Intel to supply chips for data centers that power internet-based services. Both firms have come to rely on data center chips for growth because personal computer sales have stagnated as users shifted to mobile devices. AMD's newest generation of server chip, called EPYC, uses a new chip-making technology from its contract manufacturers that helps the chips have better performance while consuming less power. Intel, which makes chips in its own factories instead of relying on contractors, is behind schedule delivering chips made with its own newer manufacturing process. It plans to release them next year.

"Today, AMD launched its Rome Second Generation EPYC CPUs, the AMD EPYC 7001 & 7002 series," writes Slashdot reader SolarAxix. "Was the hype real? According to Anandtech's review of the top-of-the-line EPYC 7742 with 64 cores and 128 threads (for a total of 128 cores and 256 threads), it seems to be the case." From the report: ...So has AMD done the unthinkable? Beaten Intel by such a large margin that there is no contest? For now, based on our preliminary testing, that is the case. The launch of AMD's second generation EPYC processors is nothing short of historic, beating the competition by a large margin in almost every metric: performance, performance per watt and performance per dollar. "

An anonymous reader quotes TechRadar: AMD's Ryzen 3000 series processors, spearheaded by the Ryzen 7 3700X, have led what looks like an unprecedented assault on Intel's CPUs, at least going by the figures from one component retailer. The latest stats from German retailer Mindfactory (as highlighted on Reddit) for the month of July show that AMD sold an incredible 79% of all processor units, compared to 21% for Intel.

AMD's top-selling chip was the Ryzen 7 3700X, and get this: sales of that one single processor weren't far off equaling the sales of Intel's entire CPU range (at around the 80% mark of what Intel flogged). In June, AMD's overall market share was 68% at Mindfactory, so the increase to 79% represents a big jump, and the highest proportion of sales achieved by the company this year by a long way.

To put this in a plainer fashion, for every single processor sold by Intel, AMD sold four.

Ryzen 3rd-gen offerings have seemingly sold up a storm in the first couple weeks on shelves, and then slowed down, although that slippage is likely due to stock shortages rather than falling demand (the new flagship Ryzen 9 3900X chip is vanishingly thin on the ground, for example, and is therefore being flogged for extortionate prices on eBay in predictable fashion)... [W]e can throw in as many caveats as we like, but the plain truth (at least from this source) is that AMD's doing better than ever, and grabbing a truly startling proportion of CPU market share -- even with apparent stock issues providing some headwind.

An anonymous reader quotes IEEE Spectrum: Making smaller, better transistors for microprocessors is getting more and more difficult, not to mention fantastically expensive. Only Intel, Samsung, and Taiwan Semiconductor Manufacturing Co. (TSMC) are equipped to operate at this frontier of miniaturization. They are all manufacturing integrated circuits at the equivalent of what is called the 7-nanometer node... Right now, 7 nm is the cutting edge, but Samsung and TSMC announced in April that they were beginning the move to the next node, 5 nm. Samsung had some additional news: It has decided that the kind of transistor the industry had been using for nearly a decade has run its course. For the following node, 3 nm, which should begin limited manufacture around 2020, it is working on a completely new design.

That transistor design goes by a variety of names -- gate-all-around, multibridge channel, nanobeam -- but in research circles we've been calling it the nanosheet. The name isn't very important. What is important is that this design isn't just the next transistor for logic chips; it might be the last. There will surely be variations on the theme, but from here on, it's probably all about nanosheets....

All in all, stacking nanosheets appears to be the best way possible to construct future transistors. Chipmakers are already confident enough in the technology to put it on their road maps for the very near future. And with the integration of high-mobility semiconductor materials, nanosheet transistors could well carry us as far into the future as anyone can now foresee.

Intel's new generation of processors is nigh upon us, and it promises to be a doozy in several respects. VentureBeat: The Santa Clara chipmaker today launched 11 new 10-nanometer 10th Gen Intel Core processors (code-named Ice Lake) designed for slim laptops, 2-in-1s, and other high-end mobile form factors. In addition to capable new integrated graphics and enhanced connectivity courtesy Wi-Fi 6 and Thunderbolt 3, the chips feature tweaks intended to accelerate task-specific workloads like AI inference and photo editing, as well as gaming. Intel expects the first 35 or so systems sporting Ice Lake-U and Ice Lake-Y chips to ship for the holiday season. Several that passed the chipmaker's Project Athena certification were previewed at Computex in Taiwan, including the Acer Swift 5, Dell XPS 13-inch 2-in 1, HP Envy 13, and Lenovo S940.

No matter which processor in the 10th Gen portfolio your future PC sports, its four cores (eight logical cores) paired with a 6MB or 8MB cache will support up to 32 GB of LP4/x-3733 (or up to 64GB of DDR4-3200), and they'll sip 9W, 15W, or 28W of power while clocking up to 4.1GHz at maximum Turbo Boost frequency. Each chip has 16 PCIe 3.0 lanes for external use, and their memory controllers allow for idle power states for less intensive tasks. With respect to AI and machine learning, every laptop-bound 10th Gen processor -- whether Core i3, Core i5, and Core i7 -- boasts Sunny Cove cores with Intel AVX-512-Deep Learning Boost, a new instruction set that speeds up automatic image enhancements, photo indexing, media postprocessing, and other AI-driven tasks.

"RISC-V is open source, so it's much more resistant to government bans," reports Tom's Hardware: The Alibaba Group Holding, China's largest e-commerce company, unveiled its first self-designed chip, Xuantie 910, based on the open source RISC-V instruction set architecture. As reported by Nikkei Asian Review, the chip will target edge computing and autonomous driving, while the RISC-V's open source license may help Alibaba side-step the U.S. trade war altogether.

Alibaba doesn't intend to manufacture the chips itself. Instead, it could outsource production to other Chinese semiconductor companies, such as Semiconductor Manufacturing International Corp. According to Nikkei, the Chinese government has been encouraging wealthy Chinese companies from various industries to enter the semiconductor industry in recent years. The government's efforts accelerated when the trade war with the U.S. started last year. It reportedly forced foreign companies to transfer their technology and IP to Chinese companies if they wanted any chance at the local Chinese market.

"Most Chinese companies are still wary about whether Arm's architecture and Intel's architecture and technical support would remain accessible amid tech tension and further geopolitical uncertainties," Sean Yang, an analyst at research company CINNO in Shanghai, said, according to Nikkei. "It would be very helpful for China to increase long-term semiconductor sufficiency if big companies such as Alibaba jump in to build a chip (design) platform which smaller Chinese developers can just use without worrying about being cut off from supplies."
The article also notes that using RISC-V will give Alibaba "the ability to completely customize and extend the ISA of the processors built on top of it without having to get permission from any company first."

DevNull127 writes: Hiring is broken and yours is too," argues a New York-based software developer whose LinkedIn profile says he's worked at both Amazon and Google, as well as doing architecture verification work for both Oracle and Intel. Summarizing what he's read about hiring just this year in numerous online articles, he lists out the arguments against virtually every popular hiring metric, ultimately concluding that "Until and unless someone does a rigorous scientific study evaluating different interviewing techniques, preferably using a double-blind randomized trial, there's no point in beating this dead horse further. Everyone's hiring practices are broken, and yours aren't any better."

For example, as a Stanford graduate he nonetheless argues that "The skills required for getting into Stanford at 17 (extracurriculars, SAT prep etc) do not correlate to job success as a software developer. How good a student you were at 17, is not very relevant to who you are at 25." References are flawed because "People will only ever list references who will say good things about them," and they ultimately punish people who've had bad managers. But asking for source code from past sides projects penalizes people with other interests or family, while "most work product is confidential."

Brain teasers "rely on you being lucky enough to get a flash of inspiration, or you having heard it before," and are "not directly related to programming. Even Google says it is useless." And live-coding exercises are "artificial and contrived," and "not reflective of practical coding," while pair programming is unrealistic, with the difficulty of the tasks varying from day to day.

He ultimately criticizes the ongoing discussion for publicizing the problems but not the solutions. "How exactly should we weigh the various pros and cons against each other and actually pick a solution? Maybe we could maybe try something novel like data crunch the effectiveness of each technique, or do some randomized experiments to measure the efficacy of each approach? Lol, j/k. Ain't nobody got time for that!"

MojoKid writes: AMD's new Ryzen 3000 processors can boost as high as 4.6 GHz, a notable bump over previous Ryzen models, but what about AMD's purported Instructions Per Cycle (IPC) gains? Has AMD's Zen 2 architecture finally caught up to Intel's Coffee Lake-based Core series processors in terms of IPC? To prove this out, HotHardware pitted a 12-core Ryzen 9 3900X against Intel's 8-core Core i9-9900K in an array of tests, with both chips locked at 4GHz across all cores and four of the Ryzen CPU cores (or 2 CCXs) disabled (save for a couple of instances to show MT scaling). This allowed AMD's fastest Zen 2-based CPU, with its full 64MB L3 cache complement, to compete against Intel's current fastest desktop chip at identical clock speeds. A series of single-threaded benchmarks were run, in addition to some standard games tests, which are lightly multithreaded. The Intel and AMD multi-core processors essentially traded blows across a number of tests, but Intel won more often than not. The blue team notched IPC wins in SANDRA's Dhrystone integer tests, Geekbench, POV-Ray, LAME MT, and the gaming tests. AMD stole single-threaded victories in SANDRA's Whetstone FPU tests, Cinebench, and Y-Cruncher. While not an outright win for AMD, the company has obviously worked hard to improve 3rd Gen Ryzen IPC throughput, while its multi-core scaling is downright impressive.

An anonymous reader quotes a report from The New York Times: The Senate Intelligence Committee concluded Thursday that election systems in all 50 states were targeted by Russia in 2016 (Warning: source may be paywalled; alternative source), largely undetected by the states and federal officials at the time, but at the demand of American intelligence agencies the committee was forced to redact its findings so heavily that key lessons for the 2020 election are blacked out. Even key findings at the beginning of the report were heavily redacted. It concluded that while there is no evidence that any votes were changed in actual voting machines, "Russian cyberactors were in a position to delete or change voter data" in the Illinois voter database. The committee found no evidence that they did so. While the report is not directly critical of either American intelligence agencies or the states, it described what amounted to a cascading intelligence failure, in which the scope of the Russian effort was underestimated, warnings to the states were too muted, and state officials either underreacted or, in some cases, resisted federal efforts to offer help.

Apple is officially acquiring Intel's smartphone modem business for $1 billion, the two companies announced today. As rumored earlier this week, the move "would jump-start the iPhone maker's push to take control of developing the critical components powering its devices." The Verge reports: The acquisition means that Apple is now well on the way to producing its own 5G modems for its smartphones, rather than having to rely on Qualcomm for the hardware. Developing its own modems has the potential to deliver big benefits for Apple. In particular, it would no longer be subject to the patent licensing terms of Qualcomm, which were the source of the two companies' lengthy legal dispute. In the past, Apple has accused Qualcomm for charging "disproportionately high" fees in patent royalties, which it was accused of forcing companies to agree to if they want access to its hardware as part of a "no license -- no chips" policy.

The talks with Intel to acquire its modem business are understood to have started last summer, according to the WSJ, when Intel's new CEO Bob Swan arrived with a focus on cleaning up the company and addressing its loss-making segments. Acquiring another business to develop an in-house competitor is a tactic Apple has used at least once before when it spent $300 million to acquire part of Dialog, a company that previously supplied Apple with power management chips for its phones. The time of the acquisition, which included 300 employees, was Apple's biggest ever in terms of headcount.

According to The Wall Street Journal, Apple is in advanced talks to buy Intel's smartphone-modem chip business (Warning: source paywalled; alternative source), "a move that would jump-start the iPhone maker's push to take control of developing the critical components powering its devices." From the report: A deal, covering a portfolio of patents and staff valued at $1 billion or more, could be reached in the next week, the people said -- assuming the talks don't fall apart. Though the purchase price is a rounding error for companies valued in the hundreds of billions of dollars, the transaction would be important strategically and financially. It would give Apple access to engineering work and talent behind Intel's yearslong push to develop modem chips for the crucial next generation of wireless technology known as 5G, potentially saving years of development work.

For Intel's part, a deal would allow the company to shed a business that had been weighing on its bottom line: The smartphone operation had been losing about $1 billion annually, a person familiar with its performance has said, and has generally failed to live up to expectations. Though it would exit the smartphone business, Intel plans to continue to work on 5G technology for other connected devices. Earlier this year, it was reported that Apple began discussing plans to acquire parts of Intel's smartphone modem chip business last summer, around the time former Intel Chief Executive Brian Krzanich resigned. "Mr. Krzanich championed the modem business and touted 5G technology as a big future revenue stream," reports The Wall Street Journal. "When Bob Swan was named to that job in January, analysts said the odds of a deal rose because his focus on cleaning up Intel would require addressing the losses in the modem business."

During the Defense Advanced Research Projects Agency's (DARPA) Electronics Resurgence Initiative 2019 summit in Detroit, Michigan, Intel unveiled a system codenamed "Pohoiki Beach," a 64-chip computer capable of simulating 8 million neurons in total. From a report: Intel Labs managing director Rich Uhlig said Pohoiki Beach will be made available to 60 research partners to "advance the field" and scale up AI algorithms like spare coding and path planning. [...] Pohoiki Beach packs 64 128-core, 14-nanometer Loihi neuromorphic chips, which were first detailed in October 2017 at the 2018 Neuro Inspired Computational Elements (NICE) workshop in Oregon.

They have a 60-millimeter die size and contain over 2 billion transistors, 130,000 artificial neurons, and 130 million synapses, in addition to three managing Lakemont cores for task orchestration. Uniquely, Loihi features a programmable microcode learning engine for on-chip training of asynchronous spiking neural networks (SNNs) -- AI models that incorporate time into their operating model, such that components of the model don't process input data simultaneously. This will be used for the implementation of adaptive self-modifying, event-driven, and fine-grained parallel computations with high efficiency.

This week Intel announced two new patches, according to Tom's Hardware: The flaw in the processor diagnostic tool (CVE-2019-11133) is rated 8.2 out 10 on the CVSS 3.0 scale, making it a high-severity vulnerability. The flaw [found by security researcher Jesse Michael from Eclypsium] "may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access," according to Intel's latest security advisory. Versions of the tool that are older than 4.1.2.24 are affected.

The second vulnerability, found by Intel's internal team, is a medium-severity vulnerability in Intel's SSD DC S4500/S4600 series sold to data center customers. The flaw found in the SSD firmware versions older than SCV10150 obtained a 5.3 score on the CVSS 3.0 scale, so it was labeled medium-severity. The bug may allow an unprivileged user to enable privilege escalation via physical access.

As one of the flaws was uncovered by Intel itself and for the other the Eclypsium research coordinated with Intel for its disclosure, Intel was able to have ready the patches in time for the public announcement.