We were recently beset by a sudden, MASSIVE drop in the number of search referrals from Google. We discovered that something was blocking search engine robots from accessing our sitemaps or crawling our website!
At first, we though it was due to a CloudFlare SSL configuration. But now, we have confirmed that it is due to an iThemes Security feature!
It is critical that you check and make sure that this iThemes Security setting is not preventing search engine robots from reading your sitemaps, and crawling your website.
iThemes Security
Formerly known as Better WP Security, iThemes Security is a very popular WordPress security plugin. While the paid Pro option offers a ton of cool security features, even the free plugin gives you the ability to lock down WordPress, fix common holes, stop automated attacks and implement a blacklist (this is a pivotal feature in this article).
What Happens If You Block Search Engine Bots?
if you block search engine bots accidentally or otherwise, you prevent them from indexing your website. This essentially makes your website “invisible” to search engines. Your website pages will no longer appear when people are searching for a relevant topic.
How does that happen?
Your website pages no longer appear in Google searches. If Google can’t see them, Google cannot display your pages in search results!
Even if your website pages do appear in Google searches, the links may be corrupt or nonsensical. Look at this example of this search result which leads to a bad link.
The description of your website page may also be nonsensical, as the example above also demonstrates.
This iThemes Security Setting Can Block Search Engine Bots!
A key feature of iThemes Security is the ability to set up a blacklist. iThemes Security will automatically populate the blacklist with the IP addresses after a number of failed attempts to login. This prevents a malicious attacker from trying to brute force its way into your system.
Unfortunately, it can falsely detect search engine bots as malicious hackers, and add them to the blacklist. That was precisely what happened to us.
Google reports that all of our sitemaps are inaccessible. Here is a view showing all five of our sitemaps were inaccessible.
If you click on the reported errors, they will all show HTTP 403 error (Forbidden).
You can verify if any search engine bot is being blocked by keying in the sitemap (or robot.txt or your website) at Redirect Checker. You can also try loading the sitemap or robot.txt in your own web browser.
If Redirect Checker or you have no problem accessing your sitemaps or robot.txt file, then something is blocking the Googlebot (or other search engine robots) from accessing your sitemaps, or crawling your website. That “something” is most likely iThemes Security’s blacklist.
The Solution
The solution is simple.
Log into your website’s WordPress admin panel.
Go to Security -> Settings.
Look for the Banned Users section, and click on Configure Settings.
In the Banned Users page, you will see a list of banned IP addresses.
Delete the whole list of banned IP addresses.
Uncheck the Ban Lists option.
Click Save Settings, and that’s it! The search engine robots will now be able to read your sitemaps!
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
One of the key features of the new Samsung Galaxy S9 is the improved Samsung Bixby capabilities. What’s new in the Samsung Galaxy S9 Bixby? How about AR translation and AR assistance?
Yes, it’s all about augmented reality with the new Samsung Galaxy S9 Bixby virtual assistant! But how useful are they? Check out the two videos and find out!
Samsung Bixby
Samsung Bixby was first introduced with the Galaxy S8 as a replacement for S Voice. Samsung even introduced a dedicated Bixby button for quick access. However, it was panned for its limited utility, and Samsung eventually allowed users to disable the Bixby button (but not repurpose it).
Critics expected Samsung to quietly ditch Bixby in the Galaxy S9, or at least the dedicated Bixby button. But as we shared in our early coverage and leaks on the Galaxy S9, it will come with a dedicated Bixby button.
The New Samsung Galaxy S9 Bixby Features
Instead of just admitting defeat, Samsung doubled down on Bixby. Not everyone gets things right the first time, after all; and virtual assistants like Bixby are the future. The pressure was on the team to make sure the Samsung Galaxy S9 Bixby will actually be useful to its users.
Live Translation
The original Samsung Bixby is capable of live translation, so a more accurate description of this new feature is AR (augmented reality) Translation.
In the original Bixby, the translation appears as a separate card. But in the new Samsung Galaxy S9 Bixby implementation, the translation appears as part of the image. Hence, our opinion that it should be called AR Translation.
In fact, it is smart enough to take note of the font and background of the text being translated, and render the translation as if it was the original text!
This is, without doubt, a truly useful combination of Bixby and augmented reality!
[adrotate group=”1″]
Improved Bixby Vision
The Samsung Galaxy S9 Bixby Vision has been improved. Again, it makes use of augmented reality (instead of separate information cards), to help you locate the information you need.
Point Bixby Vision at an object to get information on it, like the calorie count of a food item. Point it at a landmark, and it identifies the location and tells you about prominent establishments nearby. Point it at the sky and it gives you the current temperature and weather report.
While many of these features are already present in the original Bixby, the presentation of the information in augmented reality in the Galaxy S9 Bixby implementation makes it more intuitive to use.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
The efforts to mitigate the threat of the Meltdown and Spectre exploits is officially WORSE than the threat itself. Many Intel systems are randomly and spontaneously rebooting after installing Intel Spectre 2 patches. No shit. Here is our continuing coverage of the Intel Spectre Reboot Issue!
Article Update History
Click here for the Article Update History
Updated @ 2018-03-06 :Added the latest updates on the issue, as well as the new Intel Spectre 2 microcode revision guidance slides.
Updated @ 2018-02-22 :Added the latest updates on the issue, as well as the new Intel Spectre 2 microcode revision guidance slides.
Updated @ 2018-02-14 :Added the latest updates on the issue, as well as the new Intel Spectre 2 microcode revision guidance slides.
Updated @ 2018-02-10 :Added a new section on the Intel Spectre 2 Microcode Update Schedule, and updated various parts of the article. Removed 80 Intel processors that have just been confirmed not to be affected by the buggy microcode updates.
Updated @ 2018-01-26 :Added the Intel Coffee Lake, Intel Xeon Scalable and Intel Xeon W family of processors to the list of affected CPUs. Added the updated Intel Spectre 2 Microcode Update Guidance.
Updated @ 2018-01-23 :Added a new section on the root cause of the spontaneous reboot issue, and updated guidance on what you should do about this problem. Also added the Intel microcode revision lists. Removed 129 workstation / server CPUs, 105 desktop CPUs and 143 mobile CPUs.
Updated @ 2018-01-18 :Added the latest development on the Intel spontaneous reboot issues, including a greatly-expanded list of affected Intel CPUs.
Updated @ 2018-01-16 :Added the full list of Intel CPUs with reboot issues
Originally posted @ 2018-01-13
Spontaneous Reboots With Spectre 2 Patches Updated!
On 11 January 2018, the WSJ reported that Intel was quietly asking their cloud computing customers to hold off installing Meltdown and Spectre patches because “the patches have bugs of their own“. Specifically, there were three bugs in the microcode patches they released.
In a blog post posted on the same day, Intel Executive Vice President and General Manager of the Intel Data Center Group, Navin Shenoy confirmed that Intel received reports of “higher system reboots” after applying those updates.
Basically, these systems would randomly and spontaneously reboot after installing those patches. Not something you want your computer to do, never mind servers that cater to tens or hundreds of thousands of users.
He initially confirmed that the affected systems were running Intel Broadwell and Intel Haswell CPUs, and that the issues affected both client (desktop, mobile, workstation) PCs, as well as data center servers.
But in an update a week later, Navin revealed that the newer Kaby Lake and Skylake CPUs, as well as older Sandy Bridge and Ivy Bridge processors, were also experiencing spontaneous reboot issues after updating their firmware.
Although not explicitly mentioned, the latestIntel Coffee Lake CPUs are also affected by spontaneous reboots. Hidden in their microcode revision guidance was a reference to the Coffee Lake-S processors.
In their 24 January 2018 microcode revision guidance, they further added the Intel Xeon Scalable and Intel Xeon W processor families to the list of affected CPUs.
But there’s good news – on 8 February 2018, Intel confirmed that 80 CPU models previously marked as affected have been certified to be free from the buggy microcode updates.
On 12 February 2018, Intel released beta microcode updates for some of their Coffee Lake, Broadwell and Haswell processors, and pre-beta updates for their Arrandale, Clarkdale and Gulftown processors.
On 20 February 2018, Intel released production microcode updates for their Coffee Lake, Kaby Lake and Skylake processors, with new beta microcode updates for their Haswell, Ivy Bridge and Sandy Bridge processors.
On 26 February 2018, Intel released production microcode updates for the remaining Broadwell and Haswell processors, except for their Broadwell EX and Haswell EX (server) processors.
On 1 March 2018, Intel released new beta microcode updates for their Arrandale, Clarkdale, Gulftown, Nehalem EP, Nehalem WS, Westmere EP, Westmere WS and Ivy Bridge EX (server) processors. They also started releasing pre-beta updates for their Lynnfield and Westmere EX processors. With the release of the Skylake Xeon E3 production update, the entire Intel Skylake family is fully patched.
On 22 January 2018, Navin Shenoy announced that Intel :
has identified the root cause for Broadwell and Haswell platforms, and
is making good progress in developing a solution to address that root cause.
They revealed that the spontaneous reboot issues seen with the affected Intel CPUs were caused by Spectre 2 mitigations in those microcode updates.
Notably, Intel only confirmed that Spectre 2 mitigations were the root cause in those two platforms. They have not confirmed Spectre 2 mitigations as the cause in the Coffee Lake, Kaby Lake, Skylake, Ivy Bridge and Sandy Bridge platforms that are also affected.
In fact, Intel shared that “The progress we have made in identifying a root cause for Haswell and Broadwell will help us address issues on other platforms. Please be assured we are working quickly to address these issues.”
What CPUs Are Affected By The Buggy Intel Spectre 2 Patches?
All of the systems suffering from spontaneous reboot issues were running on Haswell, Broadwell, Skylake, Kaby Lake and the latest Coffee Lake CPUs. Workstation and server CPUs based on Ivy Bridge and Sandy Bridge were also affected, but thankfully not their desktop brethren.
On 8 February 2018, Intel revealed that some of the microcode updates that they suspected were buggy, were actually not buggy. They include :
The Intel Skylake H/S/U/Y Desktop Processors
The Intel Xeon E3-1200 v5 Processor Family (Skylake)
We prepared the full list of CPUs affected by the buggy Intel Spectre 2 patches, but it is a VERY LONG LIST with 801 CPUs, so we split them into three sections.
As you can see, many more server and workstation CPUs are affected than desktop and mobile CPUs combined. That’s because Intel prioritised the patching of their server and workstation CPUs, over desktop and mobile CPUs.
What Is Being Done About The Buggy Intel Spectre 2 Patches?
When he first posted on the spontaneous reboot issue, Navin said that Intel was working to “understand, diagnose and address this reboot issue“.
In his latest update, he shared that Intel had already issued an early version of the new microcode updates to their partners for tests, and will release them “once that testing has been completed“.
These new microcode updates basically have Spectre 2 mitigations removed. This will restore stability to the affected Intel CPUs, while Intel fixes the problems in those mitigations.
The Intel Spectre Microcode Update Schedule Updated!
On 7 February 2018, Navin Shenoy announced that Intel has released “production microcode updates for several Skylake-based platforms” to their OEM customers and industry partners, with more platform updates “in coming days“.
The schedule was updated on 12,20, 26 February and 1 March with more details, including production (final), pre-beta and beta versions of the new Intel Spectre microcode updates.
What Should YOU Do?
While Intel initially advised end-users to “apply updates” from system and operating system providers, they have now changed their guidance, as of 22 January 2018 :
We recommend that OEMs, Cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions on the below platforms, as they may introduce higher than expected reboots and other unpredictable system behavior.
We also ask that our industry partners focus efforts on testing early versions of the updated solution for Broadwell and Haswell we started rolling out this weekend, so we can accelerate its release. We expect to share more details on timing later this week.
For those concerned about system stability while we finalize the updated solutions, we are also working with our OEM partners on the option to utilize a previous version of microcode that does not display these issues, but removes the Variant 2 (Spectre) mitigations. This would be delivered via a BIOS update, and would not impact mitigations for Variant 1 (Spectre) and Variant 3 (Meltdown).
Please note that there has been no actual recorded threat or attack using the Meltdown or Spectre exploits. The damage, or risk of damage, every time your system or server spontaneously reboot is FAR WORSE than the (currently) non-existent threat of a Meltdown or Spectre exploit.
Therefore, we recommend that you DO NOT apply any microcode update for your Intel system, if you are using any Intel processor manufactured since 2011.
If you have already applied the latest Intel Spectre microcode update, and are affected by spontaneous reboots; you should upgrade to the new firmware (if they are available), or revert to the older firmware.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
Server / Workstation CPUs With Buggy Intel Spectre Patches
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
The Samsung Galaxy S9 and Samsung Galaxy S9+ boast improved cameras with a bunch of new features. In this article, we will explain to you the new Galaxy S9 camera features, and share with you a live demonstration video and samples of the new Super Slow-mo feature!
The Samsung Galaxy S9 Camera Features Explained!
Samsung conducted a special tech briefing session on the Samsung Galaxy S9 camera features. They demonstrated the new Galaxy S9 camera features like Super Slow-mo, f/1.5 low light capability, and the new AR Emoji feature.
Dual Aperture Camera
Both models feature a new, unique dual aperture camera. The camera has a mechanical aperture that automatically switches between an incredibly bright f/1.5 aperture, and the f/2.4 aperture for a deeper depth of field.
The f/1.5 aperture is the widest aperture so far in a smartphone, offering just over ⅓ stop more light than the f/1.7 aperture of the Samsung Galaxy S8‘s camera. This translates into better low-light photography with less noise.
Super Slow-Mo
Both smartphones will come with a new Super Slow-mo feature. It allows you to record slow-motion 720p video at 960 fps. Best of all – the Samsung Galaxy S9 and S9+ smartphones can automatically detect motion and start recording when you need it to.
There are some caveats though. It is limited to 20 shots per video, with approximately 0.2 seconds of recording and 6 seconds of playback for each slow-mo shot.
The Super Slow-mo videos can be instantly edited, with a random selection from preloaded choices. Or you can use your own music / songs. You can also create a GIF from the recorded video, with three style of looping – reverse, forward or swing.
[adrotate group=”1″]
AR Emoji
This is arguably one of the coolest software features in the new Samsung Galaxy S9 camera system. You can use either the front or rear camera to take a picture of anyone, to create augmented reality emojis that look like your subject!
The Samsung Galaxy S9 and S9+ will automatically create an avatar that looks like you, which you can customise to your satisfaction. They will also automatically create 18 stickers showing a range of different emotions for you to use in your instant messages.
But that’s not all – the avatar will imitate your facial expressions. You can even record videos that can be shared with your friends!
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
Samsung just revealed the Samsung Galaxy S9 and Galaxy S9+ at the 2018 Mobile World Congress! Here are their key features, prices, specifications, pictures, price and availability!
Article Update History
Check out what was updated recently!
Updated @ 2018-02-26 : Updated details of its dual aperture camera, ISOCELL Fast sensor, price and availability. Also added a new section on the Enterprise Edition.
Updated @ 2018-02-20 : Updated the specifications and features of the Galaxy S9/S9+. Added new sections on the colour options, and the Samsung DeX Pad.
Updated @ 2018-01-31 : Updated details on their Variable Aperture camera. Added new sections on IntelligentScan and their new ISOCELL Fast sensor. Also posted their launch prices.
Updated @ 2018-01-20 : Added a video, as well as details on their launch details, model numbers and battery capacities.
Updated @ 2018-01-15 : Added details of the new variable aperture camera, and the Super Slow-mo feature. Also updated their specifications.
Originally posted @ 2018-01-12
The Samsung Galaxy S9 / S9+ Revealed!
Like the Samsung Galaxy S8, there will be two sizes – the Galaxy S9 (SM-960) with a 5.8″ display, and the larger Galaxy S9+ (SM-965) with a 6.2″ display.
The US and Chinese models will be powered by the Qualcomm Snapdragon 845 SoC, while the rest of the world will receive the Samsung Exynos 9810 SoC instead.
This year though, Samsung will increase the feature differentiation between the two sizes. Let’s take a look…
Memory & Storage
The Samsung Galaxy S9+ will come with 6 GB of LPDDR4x memory, with 64 GB, 128 GB and 256 GB storage options, as well as a possible 512 GB model for “select markets” on a “temporary” basis.
The Samsung Galaxy S9 will only come with 4 GB of LPDDR4x memory, and either 64 GB or 128 GB of storage.
New Dual Aperture Camera Updated!
Both models will feature a new, unique dual aperture camera. It was first used in the rare and expensive Samsung W2018 smartphone (available only in China). The camera has a mechanical aperture that lets you switch between an incredibly bright f/1.5 aperture, and the f/2.4 aperture for a deeper depth of field.
For the first time as well, Samsung will also differentiate the two sizes by offering a dual camera setup like the Galaxy Note8 only in the Galaxy S9+. The second 12 MP camera (with a fixed f/2.4 aperture) adds Live Focus and Dual Capture capability to the Plus model, as well as the ability to switch lenses on-the-fly while recording videos.
The smaller Galaxy S9 will not support the Live Focus and Dual Capture capability we love so much in the Galaxy Note8. This would make the Galaxy S9+ a more enticing model for mobile photography enthusiasts.
New Samsung ISOCELL Fast Sensor Updated!
Samsung will also introduce their latest ISOCELL Fast S5K2L7/9 sensor in the new cameras. This is a 12 MP sensor with large 1.4 µm pixels for excellent low-light performance.
The Fast designation means it comes with its Dual Pixel and Super PD capabilities. It also boasts a 3-stack FRS (Fast Readout Sensor) that allows high-speed captures of Full HD video.
Super Slow-Mo Updated!
Both smartphones will come with a new Super Slow-mo feature. It allows you to record slow-motion 1080p video at 960 fps / 4K video at 120 fps. However, this feature is apparently limited to models using the Samsung Exynos 9810 SoC.
IntelligentScan
Instead of using a point cloud facial recognition system like Apple Face ID, and future honor smartphones, the Samsung Galaxy S9 will feature IntelligentScan. It combines the existing facial recognition and iris scanning capabilities to improve accuracy and security, even in low light or super bright conditions.
Fingerprint Sensor
The position of the fingerprint sensor was, finally, brought into central alignment. This makes it easier to use, especially in the Galaxy S9+ because the dual camera setup means the fingerprint sensor is positioned even lower.
The fingerprint sensor’s close proximity to the main camera though means you are still very likely to smudge the lens with your oily fingers.
Bixby & Earphone Port
[adrotate group=”2″]
Despite rumours that Samsung will be ditching the dedicated Bixby button and 3.5 mm earphone port, they will definitely be part of both devices.
Same Batteries
Both devices will come with the same battery capacities of their predecessors – 3000 mAh for the Samsung Galaxy S9, and 3,500 mAh for the larger Galaxy S9+.
However, they should have a longer battery life, thanks to their more efficient processors. They will also support the new 15 W fast wireless charging capability.
AKG-Tuned Stereo Speakers
The two new Samsung flagship smartphones will feature stereo speakers tuned by AKG.
Samsung will also be offering an Enterprise Edition of both devices. These are basically specially-configured Galaxy S9 or Galaxy S9+ smartphones for corporate clients.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
Samsung DeX Pad
Samsung will be introducing a new DeX docking station called the Samsung DeX Pad. It will have a flat design, which allows the display to be used as a touch pad. It also lets you make use of the Galaxy S9’s earphone port.
The Samsung Galaxy S9 / S9+ will be available with four colour options – Midnight Black, Lilac Purple, Coral Blue, Titanium Silver. Here are three of them, as provided by Evan Blass.
Samsung Galaxy S9 / S9+ Specifications
Here are the specifications of the Samsung Galaxy S9 and S9+ smartphones that we managed to obtain.
Specifications
Samsung Galaxy S9+
Samsung Galaxy S9
Model
SM-965
SM-960
Display
6.2" Super AMOLED Infinity Display
- 1440 x 2960 pixels (529 ppi)
5.8" Super AMOLED Infinity Display
- 1440 x 2960 pixels (570 ppi)
Dual Camera System
- Main Dual Aperture Camera with 12 MP Dual Pixel sensor, OIS lens with f/1.5 and f/2.4 variable apertures
- Telephoto camera with 12 MP Dual Pixel sensor, OIS lens and f/2.4 aperture
- dual-tone LED flash
Dual Aperture Camera
- 12 MP Dual Pixel sensor with 1.4 μm pixels
- OIS lens with f/1.5 and f/2.4 variable apertures
- dual-tone LED flash
Super Slow-mo
Yes, 720p (0.2 seconds)
Yes, 720p (0.2 seconds)
Samsung Live Focus
Yes
No
Connectivity
Qualcomm Snapdragon 845
- LTE Cat18 : 1.2Gbps DL / 150 Mbps UL
- WiFi : 802.11ac (2x2)
- USB Type C
Samsung Exynos 9810
- LTE Cat18 : 1.2Gbps DL / 200 Mbps UL
- WiFi : 802.11ac (2x2)
- USB Type C
Qualcomm Snapdragon 845
- LTE Cat18 : 1.2Gbps DL / 150 Mbps UL
- WiFi : 802.11ac (2x2)
- USB Type C
Samsung Exynos 9810
- LTE Cat18 : 1.2Gbps DL / 200 Mbps UL
- WiFi : 802.11ac (2x2)
- USB Type C
Iris Scanner
Yes, with IntelligentScan capability
Yes, with IntelligentScan capability
Fingerprint Sensor
Yes, Rear-Mounted
Yes, Rear-Mounted
Bixby Button
Yes
Yes
Dust & Water Resistance
IP68
IP68
Audio
AKG-tuned Stereo Speakers
3.5 mm audio jack
AKG-tuned Stereo Speakers
3.5 mm audio jack
FM Radio
Yes
Yes
Battery
3,500 mAh lithium-ion battery
15 W Fast Wireless Charging Capability
3,000 mAh lithium-ion battery
15 W Fast Wireless Charging Capability
Dimensions
73.8 mm wide
158.1 mm tall
8.5 mm thick
68.7 mm wide
147.7 mm tall
8.5 mm thick
Weight
189 g
163 g
Available Colours
Midnight Black / Coral Blue / Lilac Purple / Titanium Silver
Midnight Black / Coral Blue / Lilac Purple / Titanium Silver
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
The Most Credible Leaked Pictures
There are many “leaked pictures” on the Internet, but these are the most credible photos we found. They all tie in with what we know so far about the upcoming Samsung Galaxy S9 and S9+ smartphones. Check them out!
The Olixar Cases
These cases were leaked by Olixar. The clear case designs, in particular, offer the clearest look at the two Samsung smartphones.
Pictures Leaked From China
[adrotate group=”1″]
Box Sleeve Leaked From Vietnam
This picture of the outer sleeve for the Samsung Galaxy S9‘s box, which was purportedly leaked from Vietnam. It seems to be genuine, with the specifications matching what we know so far. Notably, it confirms the variable aperture camera, and the Super Slow-mo feature.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
We had earlier revealed everything you need to know about the Samsung Galaxy S9 and Samsung Galaxy S9+ ahead of the official Galaxy UNPACKED event in Barcelona. Now, we will share with you details and the official Samsung video for the Samsung Galaxy S9 Enterprise Edition and the Samsung Galaxy S9+ Enterprise Edition smartphones.
The Samsung Galaxy S9 Enterprise Edition
As part of the Samsung For Enterprise (SAFE) initiative, many Samsung smartphones have the enterprise-grade encryption capabilities in the form of Samsung Knox built-in. This allows users to securely protect sensitive data using My Knox and now, Secure Folder.
Samsung appears to be extending their Knox capabilities to introduce Enterprise Edition versions of the Galaxy S9 and Galaxy S9+ smartphones. Check out the Samsung Galaxy S9 Enterprise Edition video that was just leaked.
In addition to Samsung Knox 3.1 and biometric authentication in the standard Galaxy S9 and Galaxy S9+ smartphones, the Samsung Galaxy S9 Enterprise Edition and Samsung Galaxy S9+ Enterprise Edition will feature :
[adrotate group=”2″]
Knox Configure
24/7 technical support
Samsung E-FOTA (Firmware Over-The-Air) updates by the corporate IT department
Maintenance support, and extended device warranties
Security updates for up to 4 years
The video also confirmed the new Samsung DeX with a flat design, and gave us a first look at how the variable aperture camera works.
The variable aperture camera has a mechanical aperture that lets you switch between an incredibly bright f/1.5 aperture, and the f/2.4 aperture for a deeper depth of field.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
During our continuing coverage of Meltdown and Spectre, we noticed that Intel accidentally leaked details of their upcoming 10 nm Cannon Lake processors. Let’s take a look at what we found!
The Intel Cannon Lake Processor
Cannon Lake is the long-delayed 10 nm die shrink of the Intel Kaby Lake microarchitecture. Originally slated for release in 2016, Intel delayed it in favour of another 14 nm process refinement with the Intel Coffee Lake processors.
In addition to a die shrink that would allow it to deliver better performance with lower power consumption and thermal output, the Cannon Lake processors will also boast the AVX-512 instruction set.
At CES 2018, Intel announced that they have already started shipping mobile Cannon Lake processors to their partners, with a production ramp-up in 2018. So we know for sure Cannon Lake will finally see the light of day in 2018.
they are ultra-low power mobile processors, with a 15 W TDP
the (2+2) model is a dual-core processor with an Intel GT2 integrated graphics
the (2+0) model is a dual-core processorwithout integrated graphics
The (2+0) model is interesting because it’s the first U-grade Intel mobile processor to not come with integrated graphics.
Is this meant to be used in applications that do not require displays, like a NAS? Could it possibly be used in an MCM package with Radeon Graphics? Or is this a higher-performance part to be paired with discrete graphics options from AMD or NVIDIA?
Cannon Lake Availability
Intel was not specific about when exactly they will launch these mobile Cannon Lake processors, but we can glean some details from their leaked microcode update schedule.
We can see that the Cannon Lake BIOS is currently in beta testing. So a Q1 launch is unlikely, but a Q2 launch is most definitely on the table. In fact, we think that its launch got delayed after the Intel Spectre 2 reboot issue.
Intel probably delayed its official launch until they can make sure they have a fully-patched BIOS. It wouldn’t be good PR to launch the Cannon Lake processors, without being able to claim that they’re fully-protected against Meltdown and Spectre.
They’re Vulnerable To Meltdown + Spectre?
Yes, the Cannon Lake processors are all vulnerable to Meltdown and Spectre. These processors were taped out long ago. It was the Intel 10 nm process technology that was not sufficiently mature, not the Cannon Lake design.
Only the next-generation Intel Ice Lake processors, which features a new microarchitecture, will no longer be vulnerable to Meltdown and Spectre.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
The Meltdown and Spectre CPU flaws that the Google Project Zero team discovered are arguably the worst we have ever known. These vulnerabilities were built into BILLIONS of CPUs that we have been using for the last decade or so.
Not just Intel CPUs, but also CPUs made by AMD, Apple and ARM. Even those that power our smartphones and other smart devices!
Let’s take a look at what we know so far about Meltdown and Spectre, how they affect you, and what we can do about them.
This story is still developing. We will update the article as and when new details emerge. Be sure to check back and refresh the page for the latest information!
Article Update History
Click here for the Article Update History
2018-02-17 :Updated the table of CPUs vulnerable to Meltdown and Spectre.Updated four sections with new information.
2018-02-05 :Added a table of CPUs vulnerable to Meltdown and Spectre.Updated three sections with new information.
2018-01-25 :Revamped the entire article. Added a new section on the difference between Meltdown and Spectre, and a new section on InSpectre. Updated the list of vulnerable processors, mitigation efforts by Microsoft and Apple, as well as the Intel spontaneous reboot issues with their Spectre 2 patches.
2018-01-16 : Updated the list of vulnerable processors, and added a new section on Intel CPUs spontaneously rebooting after applying Meltdown and Spectre patches. Also added cautionary advice on holding off these updates.
2018-01-12 : Updated the article with the AMD confirmation that their processors are vulnerable to both Spectre exploits. Also added details on the Google Retpoline mitigation technique against Spectre attacks.
2018-01-11 : Added new sections on the performance impact of the Meltdown and Spectre mitigation patches, and reports of those patches bricking some AMD PCs. Also expanded the list of affected CPUs, and corrected information on the Intel-SA-00086 Detection Tool.
Between 2018-01-09 and 2018-01-10 : Numerous updates including details of patches and affected CPUs.
Originally posted @ 2018-01-09
The Meltdown + Spectre Vulnerabilities
The Project Zero team identified these vulnerabilities in 2017, reporting it to Intel, AMD and ARM on 1 June 2017.
These vulnerabilities take advantage of the Speculative Execution and Branch Prediction features of the modern processor, that have been used for many years to improve performance.
Speculative Execution lets the CPU predict and pre-execute the next instruction, allowing it to “instantly” deliver the results if it’s correct.
Branch Prediction helps the CPU predict future execution paths that should be speculatively-executed for better performance.
There are THREE (3) variants of the speculative execution CPU bug :
The Spectre attack (whitepaper) exploits variants 1 and 2.
The Meltdown attack (whitepaper) exploits variant 3.
There is a Variant 3a, which appears to affect only certain ARM processors.
What’s The Difference Between Meltdown & Spectre?
Spectre tricks the CPU branch predictor into mis-predicting the wrong path, thereby speculatively executing code that would not otherwise be executed.
Meltdown takes advantage of the out-of-order execution capability of modern processors, tricking them into executing malicious code that would normally not be allowed.
The Spectre name is based on both the root cause – speculative execution, and the fact that it is not easy to fix, and will haunt us for a long time like a spectre (ghost).
The Meltdown name was chosen because the vulnerability “basically melts security boundaries which are normally enforced by the hardware“.
How Bad Are Meltdown & Spectre?
The Spectre exploits let an attacker access and copy information from the memory space used by other applications.
The Meltdown exploit lets an attacker copy the entire physical memory of the computer.
Unless patched, the affected processors are vulnerable to malware and cyberattacks that exploits this CPU bug to steal critical information from running apps (like login and credit card information, emails, photos, documents, etc.)
While the Meltdown exploit can be “fixed”, it is likely that the Spectre exploit cannot be fixed, only mitigated, without a redesign of the processors. That means we will have to live with the risks of a Spectre attack for many more years to come.
The Intel-SA-00086 Detection Tool does NOT detect the processor’s susceptibility to these vulnerabilities. It only checks for different vulnerabilities affecting the Intel Management Engine.
InSpectre
Our reader Arthur shared that the Gibson Research Corporation has an aptly-named utility called InSpectre.
It checks for Meltdown and Spectre hardware and software vulnerabilities in a Windows system. It will help you check if your system is getting patched properly against these vulnerabilities.
What Is Being Done??? Updated!
Note : The terms “mitigate” and “mitigation” mean the possibility of a successfully attacked are reduced, not eliminated.
Intel has started issuing software and firmware updates for the processors introduced in the last 5 years. By the middle of January 2018, Intel expects to have issued updates for more than 90% of those CPUs. However, that does not address the other Intel processors sold between 2010 and 2012.
Microsoft and Linux have started to roll our the KPTI (Kernel Page Table Isolation) patch, also known as the KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed) patch.
The KPTI or KAISER patch, however, will only protect against the Meltdown exploit. It has no effect on a Spectre attack.
Microsoft Edge and Internet Explorer 11 received the KB4056890 security update on 3 January 2018, to prevent a Meltdown attack.
Firefox 57 includes changes to mitigate against both attacks.
Google Chrome 64 will be released on 23 January 2018, with mitigations against Meltdown and Spectre attacks.
For Mac systems, Apple introduced mitigations against Spectre in macOS 10.13.2 (released on 8 January 2018), with more fixes coming in macOS 10.13.3.
For iOS devices, Apple introduced mitigations against Meltdown in iOS 11.2 and tvOS 11.2.
On 8 January 2018, Apple released iOS 11.2.2, which mitigates the risk of the two Spectre exploits in Safari and WebKit, for iPhone 5s, iPad Air, and iPod touch 6th generation or later.
Google patched Android against both exploits with the December 2017 and January 2018 patches.
Google shared details of their Return Rrampoline (Retpoline) binary modification technique that can be used to protect against Spectre attacks. It is a software construct that ensures that any associated speculative execution will “bounce” (as if on a trampoline) endlessly.
On 11 January 2018, AMD announced that the “majority of AMD systems” have received the mitigation patches against Spectre 1, albeit some older AMD systems got bricked by bad patches. They also announced that they will make “optional” microcode updates available for Ryzen and EPYC processors by the same week.
In the same 11 January 2018 disclosure, AMD also shared that Linux vendors have started to roll out OS patches for both Spectre exploits, and they’re working on the “return trampoline (Retpoline)” software mitigations as well.[adrotate group=”2″]
On 8 February 2018, an Intel microcode update schedule revealed that their Penryn-based processors are also vulnerable, adding an additional 314 CPU models to the list of vulnerable processors.
On 14 February 2018, Intel revealed an expanded Bug Bounty Program, offering up to $250,000 in bounty awards.
Some AMD PCs Got Bricked
In the rush to mitigate against Meltdown and Spectre, Microsoft released Windows 10 patches that bricked some AMD PCs. They blamed the incorrect / incomplete documentation provided by AMD.
Intel’s rush to patch Meltdown and Spectre resulted in buggy microcode patches, causing several generations of their CPUs to randomly and spontaneously reboot.
So far, over 800 Intel CPU models have been identified to be affected by these spontaneous reboot issues. If you have one of the affected CPUs, please hold off BIOS / firmware updates!
Intel has identified the cause as the Spectre 2 patches in their microcode updates for some of these processors. They’re still investigating the cause of the other affected CPU models.
Fortunately for Windows users, Microsoft issued the KB4078130 emergency update to stop the reboots while Intel worked to fix the issue.
First and foremost – DO NOT PANIC. There is no known threat or attack using these exploits.
Although we listed a number of important patches below, the buggy updates are worse than the potential threat they try to fix. So we advise HOLDING OFF these patches, and wait for properly-tested versions a few weeks down the line.
If you are using an iOS device, get updated to iOS 11.2 or tvOS 11.2.
If you are using Firefox, update to the latest Firefox 57.
If you are using Google Chrome, make sure you watch out for Chrome 64, which will be released on 23 January.
Download and install the latest software firmware updates from your PC, laptop, motherboard brands. In particular, install the latest driver for the Intel Management Engine (Intel ME), the Intel Trusted Execution Engine (Intel TXE), and the Intel Server Platform Services (SPS)
If you are using an Intel system, hold off updating your firmware, unless you have already verified that your CPU is not affected by the buggy Intel patches, or Intel has already issued corrected patches.
The Performance Impact Of The Mitigation Patches
Many benchmarks have been released, showing performance impacts of between 5% to 30%, depending on the type of benchmark and workload. Microsoft has called those benchmark results into question, stating that they did not cover both operating system and silicon microcode patches.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
The Intel Bug Bounty Program was launched in March 2017, but after Meltdown and Spectre, Intel kicked it up a notch. Find out how you can earn up to $250,000 hunting bugs!
The New Intel Bug Bounty Program
The Intel Bug Bounty Program was created to incentivise security researchers to hunt for bugs in Intel’s products. However, it was an invitation-only program, which greatly limited the pool of eligible bug hunters.
On 14 February 2018, Rick Echevarria, the Vice President and General Manager of Platform Security at Intel, announced the expansion of the Intel Bug Bounty Program. Here are the changes :
The Intel Bug Bounty Program is no longer invitation-only. Anyone who meets the minimum requirements are eligible to participate.
Intel created a new bounty targeted specifically at side channel vulnerability (like Meltdown and Spectre). This bounty ends on 31 December 2018, and pays up to $250,000.
Intel also raised bounty awards across the board, with awards of up to $100,000 for other vulnerabilities.
The New Intel Bug Bounty Awards
Vulnerability Severity
Intel Software
Intel Firmware
Intel Hardware
Critical (9.0 – 10.0)
Up to $10,000
Up to $30,000
Up to $100,000
High (7.0 – 8.9)
Up to $5,000
Up to $15,000
Up to $30,000
Medium (4.0 – 6.9)
Up to $1,500
Up to $3,000
Up to $5,000
Low (0.1 – 3.9)
Up to $500
Up to $1000
Up to $2,000
Intel will award a Bounty for the first report of a vulnerability with sufficient details to enable reproduction by Intel.
Intel will award a Bounty from $500 to $250,000 USD depending on the nature of the vulnerability and quality & content of the report.
The first external report received on an internally known vulnerability will receive a maximum of $1,500 USD Award.
The approved CVSS calculators which may be used for determining the baseline Severity of all reported vulnerabilities shall be either the NVD CVSSv3 calculator or the FIRST CVSSv3 calculator at Intel’s sole discretion.[adrotate group=”2″]
Intel will publicly recognize security researchers on advisories and Bug Bounty collateral, at or after the time of public disclosure of the vulnerability, if & as agreed to by the researcher who reported the vulnerability.
Awards are limited to one (1) Bounty Award per eligible root-cause vulnerability. If that vulnerable component is present in other Intel products, a Bounty Award will be paid only for the first reported product instance. Intel, at its sole discretion, will decide whether the reported vulnerability is the first reported product instance of that root-cause vulnerability.
The Side Channel Vulnerability Bounty Awards
This is a time-limited bounty that ends on 31 December 2018, and is limited to bugs that are :
root-caused to Intel hardware
exploitable via software
Vulnerability Severity
Intel Hardware w/ Side Channel Exploit through Software
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
The New Intel Bug Bounty Program Requirements
To qualify for the new Intel Bug Bounty Program, you must meet ALL of the following requirements.
You are reporting in an individual capacity or, if employed by another company, you have that company’s written approval to submit a report to Intel’s Bug Bounty program.
You are at least 18 years of age, and, if considered a minor in your place of residence, you have your parent’s or legal guardian’s permission prior to reporting.
You are not a resident of a US-embargoed country.
You are not on a US list of sanctioned individuals.
You are not currently nor have been an employee of Intel Corporation, or an Intel subsidiary, within 6 months prior to submitting a report.
You are not currently nor have been under contract to Intel Corporation, or an Intel subsidiary, within 6 months prior to submitting a report.
You are not a family nor household member of any individual who currently or within the past 6 months meets or met the criteria listed in the two bullet points directly above.
You agree to participate in testing mitigation effectiveness and coordinating disclosure / release / publication of your finding with Intel.
The New Intel Bug Report Requirements
For your Intel bug reports to be eligible for bounty award consideration, they must meet the following requirements :
Must pertain to an item explicitly listed below as “Eligible Intel products and technologies”.
Must identify an original and previously unreported & not publicly disclosed vulnerability.
Must have been tested against most recent publicly available version of the affected product or technology.
Must include clear documentation on the vulnerability and instructions on how to reproduce the vulnerability.
Must include your assessed CVSS v3 vector string, score, and rating using one of the approved CVSS v3 calculators referenced below.
The following are vulnerabilities that will not qualify for bounty awards :
Vulnerabilities in pre-release versions (e.g., Beta, Release Candidate).
Vulnerabilities in versions no longer under active support.
Vulnerabilities already known to Intel.
Vulnerabilities present in any component of an Intel product where the root-cause vulnerability in the component has already been identified for another Intel product.
Vulnerabilities considered out of scope as defined below.
[adrotate group=”1″]
Eligible Intel Products & Technologies
Intel Hardware
Processor (inclusive of micro-code ROM + updates)
Chipset
FPGA
Networking / Communication
Motherboard / System (e.g., Intel Compute Stick, NUC)
Solid State Drives
Intel Firmware
UEFI BIOS (Tiano core components for which Intel is the only named maintainer)
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
At CES 2018, AMD announced the AMD Raven Ridge desktop processors – the long-awaited AMD Ryzen APUs. They are basically AMD Ryzen processors with AMD Radeon Vega graphics built-in. We can now share with you the full details and our reviews of the AMD Raven Ridge desktop APUs!
Updated @ 2018-02-13 : Added the AMD Ryzen 5 2400G and Ryzen 3 2200G review links. Updated various parts of the article.
Updated @ 2018-02-10 : Added two new sections on the new CPU package, L3 cache, PCI Express lanes, and Precision Boost 2. Also updated the section on the Single CCX Configuration.
Originally posted @ 2018-02-08
[/su_spoiler]
The AMD Raven Ridge Desktop APU Reviews
Here are the reviews of the new AMD Raven Ridge desktop APUs.
Raven Ridge is AMD’s codename for their Ryzen-Vega APUs (Accelerated Processing Units). First introduced in the mobile segment as the AMD Ryzen Mobile, AMD is now introducing them to the desktop market.
Desktops APUs are not new. AMD have been making them for years, and many Intel desktop processors come with integrated graphics. But AMD is still the only manufacturer to integrate “premium CPU cores” with “premium graphics cores” to deliver gaming for the masses with :
1080p HD+ gaming performance without a discrete graphics card
support for Radeon FreeSync, Radeon Chill, Enhanced Sync and Radeon ReLive
Single CCX Configuration
Unlike the Summit Ridge-based Ryzen CPUs, the AMD Raven Ridge processors use a single CCX configuration. This is a cost-saving measure with a much smaller die size, that also yield some performance benefits – reduced cache and memory latencies.
AMD analysed the performance of the 2+2 and 4+0 configuration and concluded that they are “roughly equivalent on average across 50+ games“.
Smaller L3 Cache
Using a single CCX configuration halves the Raven Ridge L3 cache size from 8 MB to 4 MB. To compensate, AMD increased their base and boost clock speeds, particularly in the Ryzen 5 2400G.
New CPU Package
The Raven Ridge APUs also introduce a revised CPU package, and a switch to the traditional non-metallic TIM (thermal interface material). These are again cost-cutting measures, albeit with a side benefit of allowing the Raven Ridge processors to officially support DDR4-2933 memory.
[adrotate group=”1″]
Precision Boost 2
The new Raven Ridge processors also boast the improved Precision Boost 2, whose more graceful and linear boost algorithm allows them to “boost more cores, more often, on more workloads“. It is now able to change frequencies in very fine granularity of just 25 MHz.
According to AMD, this will allow the Raven Ridge processors to perform better with apps and games that spawn many lightweight threads, as opposed to apps with persistent loads (e.g. video editing and 3D rendering).
PCIe x8 For Discrete GPU
The Summit Ridge-based AMD Ryzen 7, Ryzen 5 and Ryzen 3 processors have 16 PCI Express 3.0 lanes dedicated to the PCIe graphics card. In Raven Ridge, that gets cut down to half. That means any external graphics card will only communicate with a Raven Ridge processor at PCIe x8 speed.
This is a cost-saving measure, making the Raven Ridge processor simpler and cheaper to produce. The Ryzen 3 2200G, for example, is $10 cheaper than its predecessor, the Ryzen 3 1200. They also claim that the move contributed to a smaller and more efficient uncore.
AMD made this decision because “abundant public data has shown that this is a neutral change for the midrange GPUs and workloads likely to be paired with a $99-169 processor“.
Frankly, the Raven Ridge is best used as-is. If you plan to use a discrete graphics card, it makes far more sense to get the Summit Ridge-based AMD Ryzen 7, Ryzen 5 and Ryzen 3 processors instead.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
The AMD Ryzen 2000G Series APUs Revealed!
As announced at CES 2018, AMD is introducing two Raven Ridge desktop processors as part of the new AMD Ryzen 2000G family – the AMD Ryzen 5 2400G, and the AMD Ryzen 3 2200G.
AMD kindly sent us their Raven Ridge desktop processor media kit, which we unboxed in this video :
The AMD Raven Ridge Desktop APU Specification Comparison
For your convenience, we created this table that compares their key specifications with those of their CPU-equivalents – the AMD Ryzen 5 1400 and the AMD Ryzen 3 1200.
Specifications
AMD Ryzen 5 2400G
AMD Ryzen 5 1400
AMD Ryzen 3 1200
AMD Ryzen 3 2200G
TDP
65 W
65 W
65 W
65 W
Socket
AM4
AM4
AM4
AM4
Process Technology
14 nm FinFET
14 nm FinFET
14 nm FinFET
14 nm FinFET
Transistor Count
4.94 Billion
4.8 Billion
4.8 Billion
4.94 Billion
Die Size
209.78 mm²
192 mm²
192 mm²
209.78 mm²
CCX Configuration
4+0
2+2
2+2
4+0
Processor Cores
4
4
4
4
Number of Simultaneous Threads
8
8
4
4
L2 Cache Size
2 MB
2 MB
2 MB
2 MB
L3 Cache Size
4 MB
8 MB
8 MB
4 MB
Base Clock Speed
3.6 GHz
3.2 GHz
3.1 GHz
3.5 GHz
Boost Clock Speed
3.9 GHz
3.4 GHz
3.4 GHz
3.7 GHz
Max. DDR4 Speed
DDR4-2933
DDR4-2667
DDR4-2667
DDR4-2933
GPU
Radeon RX Vega 11
- 704 stream processors
- 44 TMUs, 16 ROPs
- Up to 1250 MHz
None
None
Radeon Vega 8
- 512 stream processors
- 32 TMUs, 16 ROPs
- Up to 1100 MHz
PCI Express Lanes
PCIe x8
PCIe x16
PCIe x16
PCIe x8
Bundled CPU Cooler
AMD Wraith Stealth
AMD Wraith Stealth
AMD Wraith Stealth
AMD Wraith Stealth
Launch Price
US$ 169
US$ 169
US$ 109
US$ 99
AMD Raven Ridge Price & Availability
The AMD Raven Ridge desktop APUs are available for purchase starting 12 February 2018, at the following prices :
At those price points, these Raven Ridge APUs will literally shred Intel processors with integrated graphics to pieces with their value proposition. More cores and more threads, with a much faster graphics core, at such prices. What more can you ask for?
The AMD Raven Ridge desktop APUs will be a relief to many esports gamers, who are suffering from extremely high GPU prices because of cryptocurrency miners.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
Intel has always maintained that Meltdown and Spectre only affected their processors from Nehalem onwards. Every list they released publicly has backed that up. However, we can now confirm that even the Intel Penryn CPUs are also vulnerable to Meltdown and Spectre.
Intel Penryn CPUs Also Vulnerable To Meltdown + Spectre
Every list Intel ever released on Meltdown and Spectre have only listed their CPUs from the Nehalem microarchitecture onwards. Although it was possible that the Intel Penryn microarchitecture was also affected, Intel conspicuously left them out of every list.
On 8 February 2018, Intel released a schedule of microcode updates meant to fix the random and spontaneous reboot problems they had with their Spectre 2 patches. Hidden in that schedule is the acknowledgement that the Intel Penryn microarchitecture was also vulnerable.
Those who have been tracking the Intel microcode updates will note that the Intel Penryn processors were not mentioned in the last update on 24 January 2018.
What Are The Intel Penryn CPUs Vulnerable To Meltdown + Spectre?
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
Intel Penryn Desktop CPUs Vulnerable To Meltdown + Spectre
Intel Yorkfield-6M (2008-2010)
Intel Core 2 Quad Q9705
Intel Core 2 Quad Q9700
Intel Core 2 Quad Q9505S
Intel Core 2 Quad Q9505
Intel Core 2 Quad Q9500
Intel Core 2 Quad Q9400S
Intel Core 2 Quad Q9400
Intel Core 2 Quad Q9300
Intel Core 2 Quad Q8400S
Intel Core 2 Quad Q8400
Intel Core 2 Quad Q8300
Intel Core 2 Quad Q8200S
Intel Core 2 Quad Q8200
Intel Yorkfield (2008-2009)
Intel Core 2 Quad Q9650
Intel Core 2 Quad Q9550S
Intel Core 2 Quad Q9550
Intel Core 2 Quad Q9450S
Intel Core 2 Quad Q9450
Intel Wolfdale (2008-2009)
Intel Core 2 Duo E8700
Intel Core 2 Duo E8600
Intel Core 2 Duo E8500
Intel Core 2 Duo E8400
Intel Core 2 Duo E8300
Intel Core 2 Duo E8290
Intel Core 2 Duo E8200
Intel Core 2 Duo E8190
Intel Wolfdale-3M (2008-2010)
Intel Core 2 Duo E7600
Intel Core 2 Duo E7500
Intel Core 2 Duo E7400
Intel Core 2 Duo E7300
Intel Core 2 Duo E7200
Intel Pentium E6800
Intel Pentium E6700
Intel Pentium E6600
Intel Pentium E6500K
Intel Pentium E6500
Intel Pentium E6300
Intel Pentium E5800
Intel Pentium E5700
Intel Pentium E5500
Intel Pentium E5400
Intel Pentium E5300
Intel Pentium Dual-Core E5300
Intel Pentium E5200
Intel Pentium Dual-Core E5200
Intel Pentium Dual-Core E2210
Intel Celeron E3500
Intel Celeron E3400
Intel Celeron E3300
Intel Celeron E3200
Intel Allendale (2008-2009)
Intel Celeron E1600
Intel Celeron E1500
Intel Celeron E1400
Intel Celeron E1200
Intel Yorkfield-XE (2007-2008)
Intel Core 2 Extreme QX9775
Intel Core 2 Extreme QX9770
Intel Core 2 Extreme QX9650
Intel Conroe-L (2007-2008)
Intel Celeron 450
Intel Celeron 445
Intel Celeron 430
Intel Celeron 420
Intel Celeron 220
Intel Kentsfield (2007)
Intel Core 2 Quad Q6700
Intel Core 2 Quad Q6600
Intel Core 2 Quad Q6400
Intel Conroe-CL (2007)
Intel Core 2 Duo E6405
Intel Core 2 Duo E6305
Intel Celeron 445
Intel Conroe (2006-2008)
Intel Core 2 Duo E6850
Intel Core 2 Duo E6750
Intel Core 2 Duo E6700
Intel Core 2 Duo E6600
Intel Core 2 Duo E6550
Intel Core 2 Duo E6540
Intel Core 2 Duo E6420
Intel Core 2 Duo E6400
Intel Core 2 Duo E6320
Intel Core 2 Duo E6300
Intel Core 2 Duo E4700
Intel Core 2 Duo E4600
Intel Core 2 Duo E4500
Intel Core 2 Duo E4400
Intel Core 2 Duo E4300
Intel Pentium Dual-Core E2220
Intel Pentium Dual-Core E2200
Intel Pentium Dual-Core E2180
Intel Pentium Dual-Core E2160
Intel Pentium Dual-Core E2140
Intel Kentsfield-XE (2006-2007)
Intel Core 2 Extreme QX6850
Intel Core 2 Extreme QX6800
Intel Core 2 Extreme QX6700
[adrotate group=”1″]
Intel Penryn Mobile CPUs Vulnerable To Meltdown + Spectre
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
The upcoming Samsung Galaxy S9 promises a big upgrade in photographic capabilities, but that’s not all Samsung will be revealing soon. To be paired with the Samsung Galaxy S9 – a new DeX docking station called the Samsung DeX Pad.
Introducing The Samsung DeX Pad for Galaxy S9!
The Samsung DeX dock was originally designed for the Samsung Galaxy S8, allowing for a desktop-like working experience. All you need to do is hook up the DeX to a display, a mouse and a keyboard.
Thanks to serial leaker Evan Blass, we now have the actual pictures and details of the new Samsung DeX Pad dock, which will complement the upcoming Samsung Galaxy S9.
The Samsung DeX Pad will retain these ports :
two full-size USB 2.0 Type A ports,
a full-size HDMI 2.0 port, and
a USB 3.1 Type C port (for power input).
There are some changes over the original Samsung DeX though :
The smartphone will lay flat on the DeX Pad.
The 100 Mbps Ethernet port has been removed.
The flat layout is said to allow the Galaxy S9 to be used as a touch pad, or virtual keyboard.
However, that may not be very practical, since the Galaxy S9 will be significantly elevated above the table. The dock connector, which appears to jut above the base of the docked smartphone, will also get in the way.
The missing LAN port is no real loss. Some hotels still offer Internet over LAN cables, but the vast majority will offer WiFi access as well.
Although it will be marketed at Galaxy S9 users, the DeX Pad will likely work with Samsung Galaxy S8 devices as well.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
It is common knowledge that the latest AMD Ryzen 7, Ryzen 5 and Ryzen 3 are vulnerable to the Spectre exploits, and so are the older AMD processors based on their Bulldozer microarchitecture. But what about the AMD K10 and K8 processors? Today, we can confirm that AMD K10 and K8 processors from as far back as 2003 are vulnerable to Spectre.
AMD K10 And K8 Processors Are Also Vulnerable To Spectre
While it was common knowledge that the latest AMD Ryzen 7, Ryzen 5 and Ryzen 3, as well as the Bulldozer-based APUs are vulnerable to Spectre, no one knew for sure whether the older AMD K10 and K8 processors were also affected. After all, they were based on a different microarchitecture.
That was until they revealed their Spectre mitigation strategies. Hidden in their whitepaper were references to AMD Family 10h (also known as AMD K10), as well as AMD Family 0Fh (also known as AMD K8).
So we now know, for sure, that the AMD K10 and AMD K8 processors are also vulnerable to Spectre.
What Are The Affected AMD K10 & K8 Processors?
The AMD K10 family alone adds 96 AMD server CPUs, 168 AMD desktop CPUs, and 77 AMD mobile CPUs to the list of vulnerable processors.
The AMD K8 family adds a further 128 AMD server CPUs, 137 AMD desktop CPUs, and 57 AMD mobile CPUs to the list.
For your convenience, we included the entire list of vulnerable AMD K10 and AMD K8 processors, split into three lists :
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
You may recall our extensive coverage of Intel’s buggy Spectre 2 patches that were causing random and spontaneous reboots in over 800 CPU models. It’s gotten so bad that Microsoft was forced to issue KB4078130 – an emergency update to disable the Intel Spectre 2 mitigations that were causing the spontaneous reboots.
Spectre Variant 2
Colloquially known as Spectre 2, it is more accurately known as Spectre Variant 2, Google Project Zero Variant 2 (GPZ Variant 2), or officially as CVE-2017-5715.
After deploying the Spectre 2 patches in their new microcode updates, Intel started receiving reports of “higher than expected reboots and other unpredictable system behaviour“.
Microsoft confirmed this, stating further that their “own experience is that system instability can in some circumstances cause data loss or corruption“.
KB4078130 : Update To Disable Mitigation Against Spectre, Variant 2
Unwilling to wait for Intel to fix the problem, Microsoft decided to issue KB4078130 – an “out of band” or emergency update. All it does is disable the mitigation against Spectre 2.
Their tests proved that this update is sufficient to prevent the random and spontaneous reboots experienced by the affected Intel processors.
If you are a system administrator, or a 1337 techie, Microsoft is making available a new registry key to manually disable and re-enable the mitigation against Spectre 2.
Instructions for Windows administrators –KB4073119
Instructions for Windows Server administrators – KB4072698
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
Confused about Net Neutrality? Thanks to Burger King’s viral Whopper Neutrality video, you can easily grasp the concept, and understand why all of your nerdy friends are so incensed with Ajit Pai, and his successful repeal of net neutrality.
Whopper Neutrality – A Simple Guide To Net Neutrality
Part advertisement for their Whopper burger, part explainer on net neutrality, the Whopper Neutrality video has amassed millions of views on YouTube and has gone viral on social media.
The Whopper Neutrality video starts with interviews of random people who were clueless about net neutrality, and its repeal. It then segued into a prank at a Burger King outlet, where customers were asked to pay extra if they wanted their Whoppers to be delivered faster.
In a hilarious reference to broadband speed in Mbps, Burger King staff members explained to confused customers that MBPS stood for “Making Burgers Per Second“, and how the price they pay determines how fast they get their Whoppers :
Obviously, their customers were not impressed. NOT IMPRESSED AT ALL when they learned they will have to wait 15-20 minutes for their Whoppers, unless they paid extra.
They became livid when they found out that the Whoppers were already made, and ready to be served. But because they refused to pay extra, they would have to wait for their Whoppers.
That is essentially what net neutrality aims to prevent – the right of Internet service providers to control how fast websites and services on the Internet load. In other words – those who want their content to load faster will have to pay these Internet service provider.
Net Neutrality
Net neutrality is not a new concept. It was coined by Columbia University professor Tim Wu in 2003, and it has been used by the FCC since 2004 to force Internet service providers to treat all Internet content equally.
The Obama Administration fought to preserve net neutrality, with President Obama recommending in 2014 that the FCC reclassify broadband Internet as a telecommunications service. This would make them equivalent to other telecommunications companies, subject to common carrier rules.
[adrotate group=”2″]
Then came with Trump Administration. One of the first things President Donald Trump did – appoint Ajit Pai, who is vehemently against net neutrality, as the Chairman of the FCC (Federal Communications Commission).
Calling the move “Restoring Internet freedom“, Ajit Pai began rolling back net neutrality, despite overwhelming support by the public for net neutrality to be maintained. He successfully achieved that end on 14 December 2017, when the FCC voted to repeal net neutrality.
Barring a change in the US Presidency, the only way to restore net neutrality would be to force the US Congress to enact legislation to protect net neutrality. If you’re a US citizen, write to your Congresspersons, and make sure they understand how much YOU value net neutrality.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
Within a week after the Meltdown and Spectre exploits revealed, the first Apple Spectre patches were introduced. And Apple has finally released their next slew of patches that will help protect Apple computers against Meltdown and Spectre.
There has been some confusion about what was “fixed” in which patch. In this article, we will share with you exactly mitigations were introduced in which OS X update. As usual, we will update this article, as and when new Apple Spectre or Meltdown patches are released.
The Apple Spectre + Meltdown Patches
macOS High Sierra 10.13.2 Supplemental Update
Date Of Introduction : 8 January 2018
Operating System Patched : macOS 10.13 High Sierra
GPZ Variant Addressed : Spectre 1 and 2 (CVE-2017-5753 and CVE-2017-5715)
The first known update was the macOS High Sierra 10.13.2 Supplemental Update. It introduced a number of mitigations against the two Spectre variants (CVE-2017-5753 and CVE-2017-5715). Specifically, several security improvements were made to Safari and WebKit.
After updating, Safari will be upgraded to version 11.0.2 (13604.4.7.1.6) or version 11.0.2 (13604.4.7.10.6).
Security Update 2018-001 Sierra
[adrotate group=”2″]
Date Of Introduction : 23 January 2018
Operating System Patched : macOS 10.12 Sierra
GPZ Variant Addressed : Meltdown (CVE-2017-5754)
This security update patched all versions of macOS Sierra against the Meltdown exploit (CVE-2017-5754).
Security Update 2018-001 El Capitan
Date Of Introduction : 23 January 2018
Operating System Patched : OS X 10.11 El Capitan
GPZ Variant Addressed : Meltdown (CVE-2017-5754)
This security update patched all versions of OS X El Capitan against the Meltdown exploit (CVE-2017-5754).
Outstanding Apple Spectre + Meltdown Patches
From what we understand, these are the likely Apple Spectre and Meltdown patches that are still outstanding, and will eventually be released :
A Meltdown patch for macOS High Sierra
Spectre mitigation patches for macOS Sierra and OS X El Capitan
EFI firmware updates for various Mac computers
We will update this article, as and when new Apple Spectre or Meltdown patches are released.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
YouTube is preparing to cut off monetisation opportunities for small and budding video creators. Those who don’t make their new requirements by 20 February 2018, will be removed from their YouTube Partner Program.
The YouTube Partner Program allows video creators to earn some money off their work, by adding YouTube ads to their uploaded videos. They also earn money when YouTube Red subscribers watch their videos.
Not everyone can join the YouTube Partner Program. You have to meet their minimum requirements before you are allowed to start monetising the videos you upload to YouTube.
What Changed?
Back in April of 2017, YouTube set the eligibility requirement of 10,000 lifetime views. That means the videos in your channel must accumulate at least 10,000 views before you can start monetising them.
On 16 January 2018, they hiked up that eligibility requirement significantly, requiring your channel to have :
a minimum of 1,000 subscribers, and
at least 4,000 hours / 240,000 minutes watched in the previous 12 months
Those who are already in the YouTube Partner Program were given just 30 days to comply with those requirements, or get kicked off the program.
Racking up 4,000 hours or 240,000 minutes watched in the previous 12 months is not difficult. Even small-timers can hit that target, if they make good videos. They don’t have make many videos. They just have to make good videos that resonate with people.
The biggest problem creators will have is racking up 1,000 subscribers. It is arguably easy for those who focus on light, fun material… and difficult for those who choose weightier material. In other words – kitten videos will get more subscribers than videos on social issues and even technology.
The minimum subscriber requirement will likely push new and budding video creators to shift to mass appeal content (fake news, cat videos and pranks), and lower quality but more frequent content.
We’ve arrived at these new thresholds after thorough analysis and conversations with creators like you.
They will allow us to significantly improve our ability to identify creators who contribute positively to the community and help drive more ad revenue to them (and away from bad actors).
These higher standards will also help us prevent potentially inappropriate videos from monetizing which can hurt revenue for everyone.
Notwithstanding our opinions on the change, we find those reasons rather ludicrous :
We have no idea who YouTube was talking to, since we never received a survey to opine on the matter. They were probably only talking to their top creators.
We find their focus on identifying “creators who contribute positively to the community” ironic since they don’t seem to punish those who spread fake news, and some of their biggest stars (like Logan Paul) continue to get rich on YouTube by being assholes.
Subscription numbers and watch times are measures of POPULARITY, not QUALITY or VALUE to the community. That’s why Logan Paul has almost 16 million subscribers, while CNN only has just over 2.6 million subscribers.
YouTube : They’re Not Making Much Money Anyway
YouTube pointed out that “99% of those affected were making less than $100 per year in the last year, with 90% earning less than $2.50 in the last month“.
In our opinion, that is a perfectly legit reason. Why should YouTube spend resources serving ads to low traffic channels? Besides, it won’t matter much to them since they earn so little.
That is why we personally have no issues with YouTube’s new requirement of 4,000 watch hours. That’s similar to their previous requirement of 10,000 views, just set to a much higher level.
The Subscriber Requirement Is Unfair & Pointless
The only change we feel is grossly unfair to small and budding creators is the requirement to have 1,000 subscribers. This requirement penalises those who don’t have a prolific output, because people are less likely to subscribe to a channel with low frequency of updates.
Yet it doesn’t mean that these small or budding creators can’t create videos that appeal to many people, and get hundreds of thousands of views. Take, for example, this video on a LEGO Nexo Knights exhibition by The Rojak Pot.
There is no doubt that this video contributes “positively to the community“. It’s certainly not Blade Runner, but we do believe it’s a far more “positive” contribution to the community, than the crap Paul Logan serves to his 15+ million subscribers.
That video alone racked up over 3,100 watch hours and almost 150,000 views. If we posted just two of such videos, we would more than meet the minimum requirement for watch hours.
Yet The Rojak Pot’s YouTube channel has just 307 subscribers. That is nowhere close to meeting the new requirement for monetisation. In other words – all of their videos will cease to generate income, even if they rack up hundreds of thousands of views.
Our Personal Opinion
Personally, we think that a minimum requirement for VIEWS or WATCH HOURS is a good idea. YouTube should not have to spend resources on low-traffic channels.
The minimum requirement for SUBSCRIBERS, on the other hand, is not only unfair, it does not help them identify “creators who contribute positively to the community“.
[adrotate group=”2”]
It only incentivises the community to focus on fluff and nonsensical but entertaining videos. Remember how Logan Paul has SIX TIMES as many subscribers as CNN?
If YouTube drops the subscriber requirement, they will free small and budding creators to focus on creating better videos. It will also allow them to focus on the community niches that interest them, rather than trying to appeal to as many people as possible.
YouTube should want a diverse range of creators focused on different niches, rather than a more homogenous group of creators making basically the same type of content – all designed for mass appeal.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
The YouTube Partner Program Changes
On January 16, 2018, we announced new eligibility requirements for the YouTube Partner Program. Previously, the requirement to join the YouTube Partner Program was 10,000 lifetime views. Now, once a channel reaches 4,000 watch hours in the previous 12 months and 1,000 subscribers it will be reviewed to join the program.
If your application is currently pending review
The new requirement applies to channels that are currently awaiting review to be in the YouTube Partner Program:
If you meet the new threshold, your pending application will be reviewed in the next few weeks.
If you do not yet meet the new threshold, your application will be reviewed once your channels reaches 4,000 watch hours in the previous 12 months and 1,000 subscribers (the new threshold).
If you’re currently part of the YouTube Partner Program
The new requirement applies to existing channels who are currently part of the YouTube Partner Program:
If your channel meets the threshold, you will remain in the YouTube Partner Program.
If your channel is below the threshold, you’ll have until February 20, 2018, before your channel is removed from the YouTube Partner Program. The YouTube Creator Academy has many tips on building your channel, such as how to make great original content and growing your audience.
If your channel reaches the new threshold by February 20, 2018, you will automatically stay in the program (you do not need to re-apply).
Additional Changes to the YouTube Partner Program (YPP) to Better Protect Creators
by Neal Mohan, Chief Product Officer and Robert Kyncl, Chief Business Officer
2017 marked a tough year for many of you, with several issues affecting our community and the revenue earned from advertising through the YouTube Partner Program (YPP). Despite those issues more creators than ever are earning a living on YouTube, with the number of channels making over six figures up over 40% year-over-year. In 2018, a major focus for everyone at YouTube is protecting our creator ecosystem and ensuring your revenue is more stable.
As Susan mentioned in December, we’re making changes to address the issues that affected our community in 2017 so we can prevent bad actors from harming the inspiring and original creators around the world who make their living on YouTube. A big part of that effort will be strengthening our requirements for monetization so spammers, impersonators, and other bad actors can’t hurt our ecosystem or take advantage of you, while continuing to reward those who make our platform great.
Back in April of 2017, we set a YPP eligibility requirement of 10,000 lifetime views. While that threshold provided more information to determine whether a channel followed our community guidelines and policies, it’s been clear over the last few months that we need a higher standard.
Starting today we’re changing the eligibility requirement for monetization to 4,000 hours of watchtime within the past 12 months and 1,000 subscribers. We’ve arrived at these new thresholds after thorough analysis and conversations with creators like you. They will allow us to significantly improve our ability to identify creators who contribute positively to the community and help drive more ad revenue to them (and away from bad actors). These higher standards will also help us prevent potentially inappropriate videos from monetizing which can hurt revenue for everyone.
On February 20th, 2018, we’ll also implement this threshold across existing channels on the platform, to allow for a 30 day grace period. On that date, channels with fewer than 1,000 subs or 4,000 watch hours will no longer be able to earn money on YouTube. When they reach 1,000 subs and 4,000 watch hours they will be automatically re-evaluated under strict criteria to ensure they comply with our policies. New channels will need to apply, and their application will be evaluated when they hit these milestones.
Though these changes will affect a significant number of channels, 99% of those affected were making less than $100 per year in the last year, with 90% earning less than $2.50 in the last month. Any of the channels who no longer meet this threshold will be paid what they’ve already earned based on our AdSense policies. After thoughtful consideration, we believe these are necessary compromises to protect our community.
Of course, size alone is not enough to determine whether a channel is suitable for monetization, so we’ll continue to use signals like community strikes, spam, and other abuse flags to ensure we’re protecting our creator community from bad actors. As we continue to protect our platform from abuse, we want to remind all of you to follow YouTube’s Community Guidelines, Monetization Basics & Policies, Terms of Service, and Google AdSense program policies, as violating any of these may lead to removal from the YouTube Partner Program.
While this change will tackle the potential abuse of a large but disparate group of smaller channels, we also know that the bad action of a single, large channel can also have an impact on the community and how advertisers view YouTube. We’ll be working to schedule conversations with our creators in the months ahead so we can hear your thoughts and ideas and what more we can do to tackle that challenge.
One of YouTube’s core values is to provide anyone the opportunity to earn money from a thriving channel, and while our policies will evolve over time, our commitment to that value remains. Those of you who want more details around this change, or haven’t yet reached this new 4,000 hour/1,000 subscriber threshold can continue to benefit from our Creator Academy, our Help Center, and all the resources on the Creator Site to grow your channels.
Even though 2017 was a challenging year, thanks to creators like you, it was full of the moments that make YouTube such a special place. Creators large and small, established and emerging, transformed their talent and originality into videos that captivated over a billion people around the world. They made us laugh, taught us about our world and warmed our hearts. We’re confident the steps we’re taking today will help protect and grow our inspiring community well into the future.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
Microsoft has stopped pushing a number of Windows 10 updates, including the Meltdown and Spectre mitigation patches, because they were bricking some AMD PCs. Frustrated users were left with their AMD PCs in an unbootable state after installing those updates. The cure was, in this case, worse than the disease!
Updated @ 2018-01-16 : Added another affected CPU, a new section on Microsoft’s confusing statement, and a new section on what you should do.
Updated @ 2018-01-15 : Added 6 more CPUs affected by these Windows 10 updates, as well as the official word from AMD.
Updated @ 2018-01-11 : Added more AMD CPUs that were reported to have failed to boot up, after applying these Meltdown and Spectre patches.
Originally posted @ 2018-01-10
These Windows 10 Updates Are Bricking AMD PCs!
Following reports of users unable to boot up their AMD PCs after applying Windows 10 updates, Microsoft has identified the following security patches and updates from 3-9 January 2018 as the culprits :
In the affected AMD systems, the Windows logo will appear after the PC reboots to complete the upgrade process. However, it won’t complete the boot process.
What AMD CPUs Are Affected? Updated!
Neither Microsoft nor AMD have revealed what AMD CPUs are affected but based on user reports, here is a list of affected AMD CPUs.
AMD Ryzen Threadripper 1950X
AMD Ryzen 7 1700
AMD FX-8350
AMD A10-7800
AMD FX-6350
AMD Phenom II X6 Black Edition 1090T
AMD Opteron 180
AMD Athlon X2 5050e
AMD Athlon X2 4850e
AMD Athlon X2 4450B
AMD Athlon X2 L310
AMD Athlon 64 X2 6400+
AMD Athlon 64 X2 6000+
AMD Athlon 64 X2 5600+
AMD Athlon 64 X2 5400+
AMD Athlon 64 X2 5200+
AMD Athlon 64 X2 5000+
AMD Athlon 64 X2 4600+
AMD Athlon 64 X2 4400+
AMD Athlon 64 X2 4200+
AMD Athlon 64 X2 4000+
AMD Athlon 64 X2 3800+
AMD Athlon 64 X2 3200+
AMD Athlon 64 X2 TK-57
AMD Athlon 64 X2 TK-55
AMD Athlon 64 FX-62
AMD Athlon 64 FX-60
AMD Athlon 64 1640B
AMD Sempron 3200+
AMD Turion Neo X2 L625
AMD Turion 64 X2 TL-60
AMD Turion 64 X2 TL-56
AMD Turion X2 RM-72
AMD Turion X2 RM-70
There has been at least one case each involving the newer Ryzen 7 and Threadripper processors, but these are outliers. So far, this issue affects mostly older AMD Athlon processors. However, there
Needless to say, the list above is NOT EXHAUSTIVE. We will update the list, as and when, people report them.
On 11 January 2018, AMD stated that the problem affected AMD Opteron, Athlon and Turion X2 Ultra processors.
How Did This Happen?
Microsoft is blaming documentation from AMD, stating that “some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown.“
Technically, Meltdown and Spectre are CPU, not chipset, vulnerabilities. So Microsoft was probably referring to CPU documentation provided by AMD.
What Is Being Done?
Because Windows 10 forcibly installs updates, Microsoft has temporarily stopped pushing those Windows 10 updates to the affected AMD processors. They’re now working with AMD to correct the problem with those patches.
According to AMD, the new patches will be issued sometime in the week of 15-21 January 2018. At the time of this update (16 January 2018), the new patches have not been released.
Microsoft’s Confusing Statement New!
[adrotate group=”2″]
Microsoft invited some confusion when they stated on 11 January 2018 that “Microsoft has resumed updating the majority of AMD devices with the Windows operating system security update to help protect against the chipset vulnerabilities known as Spectre and Meltdown.”
As far as we can tell – they only resumed Windows 10 updates for the AMD CPUs that are NOT affected by this problem. They merely identified the affected subset of AMD CPUs, and only blocked updates to them – “A small subset of older AMD processors remain blocked to avoid users getting into an unbootable state after installation of recent Windows operating system security updates.”
Should You Install Windows 10 Updates? New!
As Microsoft claims to have accurately determined which subset of AMD CPUs are affected, it is theoretically safe to continue installing Windows 10 updates. Windows 10 should be able to identify your CPU and block the updates if it’s one of the affected models.
That said, there is still NO RISK of a Meltdown or Spectre attack. For all of the hype and panic, there are no know exploits of the speculative execution bug in the wild. The Meltdown and Spectre exploits also require physical access to the system.
So we still think it is better to be safe than sorry and HOLD OFF your Windows 10 updates, if you have an OLDER AMD CPU, until Microsoft releases the proper patches in the next few days.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
AMD updated their security advisory, confirming that their CPUs are also vulnerable to the Spectre 2 exploit. We updated our article Everything On The Intel, AMD & ARM CPU Bug, but it looks like many AMD fanboys still insist that AMD processors are only affected by Spectre 1. So let us burst their bubble and update them on what AMD actually said about this “issue”.
Updated @ 2018-01-15 :Added two new sections addressing the criticisms of the AMD and Intel fanboys.
Originally posted @ 2018-01-13
AMD CPUs Are Also Vulnerable To Spectre 2 Exploit
When AMD first released their security advisory on the Meltdown and Spectre exploits, they stated that, “Differences in AMD architecture mean there is a near zero risk of exploitation of this variant.”
Just over a week later, on 11 January 2018, Mark Papermaster, AMD Senior Vice President and Chief Technology Officer, posted an update of their assessment, stating that “GPZ Variant 2 (Branch Target Injection or Spectre) is applicable to AMD processors.”
He clarified that while AMD believes that their “processor architectures make it difficult to exploit Variant 2“, they have defined “a combination of processor microcode updates and OS patches” to mitigate the Spectre 2 threat.
This development is significant, because Spectre 2 is the more problematic exploit of the two. Mainly because any efforts to reduce its risks significantly reduces performance.
According to Microsoft, only Spectre 2 mitigation patches have a significant performance impact. Their initial performance tests show that Spectre 1 and Meltdown mitigation patches have minimal or small performance impact, and are unlikely to be noticed by users.
What Is AMD Doing About Spectre 2?
AMD has already defined the “additional steps” that consists of processor microcode updates and operating system patches that will mitigate the threat of Spectre 2 to their affected processors.
They will make the microcode updates available for the Ryzen and EPYC processors this week, with microcode updates for older processors in the coming weeks.
Notably, Mark said that they would be OPTIONAL. This ties in with their assessment that it would be difficult (albeit not impossible) to exploit Variant 2 in an AMD processor. So AMD users will get the option of NOT applying these microcode updates, at least while no actual Spectre threat exists in the real world.
Linux vendors have started to roll out Spectre 2 patches, while Microsoft will be releasing Spectre 2 patches for Windows shortly.
AMD Fanboys Are Missing The Big Picture
Many AMD fanboys say that we are biased against AMD, because that the risk of a Spectre 2 exploit is small or “virtually non-existent”.
We love the AMD Ryzen just like you do, and find their performance-value proposition incredibly refreshing. In fact, we even wrote an article crediting The Ryzen Effect for creating better Intel processors.
What we reported is no different from the official statement by Mark Papermaster – the AMD CPUs are vulnerable to Spectre 2. But you are all missing the big picture.
[adrotate group=”2″]
The point here isn’t to rub our collective noses in some kind of childish Intel vs. AMD fanboy war, it’s to point out that these Spectre 2 patches will have a significant performance impact.
Because there is no real world exploit of both Meltdown and Spectre, and because AMD’s microarchitecture is more robust against the Spectre 2 vulnerability, there is arguably no real need to apply the Spectre 2 patches.
That’s why we specifically pointed out that “Mark said that they would be OPTIONAL“, so you should have the option of “NOT applying these microcode updates“.
You guys would have realised that if you actually read the article, instead of just stopping at the title.
Intel Fanboys Should Stop Throwing Stones
Some Intel fanboys are using this article as evidence that “AMD got caught lying” or “AMD CPUs are just as bad”. Well, let us address those claims.
AMD did not lie – In their original disclosure, they stated very clearly that “there is a near zero risk” of a Spectre 2 exploit working on an AMD CPU. We specifically mentioned and underlined that in the original article to stress that AMD was already aware that their CPUs are somewhat vulnerable to Spectre 2.
AMD CPUs are far less at risk – Even with this upgraded risk assessment, AMD CPUs are still much less vulnerable to Spectre 2 than Intel CPUs, and they are completely impervious to the Meltdown exploit. Because they are less vulnerable, AMD users have the option of not applying Spectre 2 patches that can have a significant performance impact.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
Thanks to NVIDIA GeForce NOW, your underpowered PC can now let you play games as if it is powered by a high-performance GeForce GTX graphics card! And best of all, NVIDIA is now offering GeForce NOW as a free beta for Windows and Mac desktops and laptops!
What Is NVIDIA GeForce NOW?
NVIDIA GeForce NOW is a game-streaming service that connects your Windows or macOS computer to supercomputers in the cloud that stream 1080p graphics at up to 120 frames per second!
Since all of the graphics processing happens in NVIDIA’s data centers, you can now play the latest PC games even on PCs with low performance integrated graphics. All you have to do is connect to your game library on digital stores like Uplay PC and Steam, and start playing!
Always Updated, Always Expanding
NVIDIA GeForce NOW receives regular updates, including service enhancements, new games and additional data centers. In fact, the 10th NVIDIA GeForce NOW data center was recently opened in Amsterdam.
GeForce NOW also handles your system maintenance tasks, ensuring that patches and driver updates are installed automatically. It also enables cloud saves for cross-platform play.
The Free Public Beta Details
[adrotate group=”2″]
NVIDIA GeForce NOW is currently available as a free public beta for Windows and Mac desktops and laptops in most of North America and Europe.
The app has been localized in French and German, with local language support for many top and diverse gaming experiences including PLAYERUNKNOWN’S BATTLEGROUNDS, Arma 3, Garry’s Mod, Fortnite, and more.
Due to the overwhelming demand, there is currently a waitlist to give the free public beta a try. You can get yourself on the waitlist!
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
Microsoft just revealed that pre-2016 Intel CPUs will be hit worst by the Meltdown and Spectre patches. They also pointed out that the performance impact detailed in benchmarks published so far did not include both operating system and silicon updates, and are therefore, inaccurate.
Microsoft is still working on their own set of benchmarks that will look at the performance impact after both operating system and silicon updates have been applied. In the meantime, Terry Myerson, Executive Vice President of the Windows and Devices Group, shared some preliminary findings.
Performance Impact Of The Meltdown + Spectre Patches
According to Terry, the patches for Variant 1 (Spectre 1) and Variant 3 (Meltdown) of the speculative execution bug have minimal performance impact.
It is the Variant 2 (Spectre 2) patches, both operating system and silicon microcode, that have a significant performance impact.
Here is a summary of what Microsoft has found so far :
Windows 10 With 2016 Or Newer Intel CPUs
Intel CPU Models : Intel Skylake, Intel Kaby Lake, Intel Coffee Lake
Performance Impact :Single digit reduction in performance. Microsoft does not expect most users to notice the impact, because the percentages are “reflected in milliseconds“.
Windows 10 With Pre-2016 Intel CPUs
Intel CPU Models : Intel Broadwell, Intel Haswell, Intel Ivy Bridge, Intel Sandy Bridge, or older.
Performance Impact :Significant slowdowns in some benchmarks. Microsoft expects some users to notice the decrease in performance.
Windows 8 and Windows 7 With Pre-2016 Intel CPUs
Intel CPU Models : Intel Broadwell, Intel Haswell, Intel Ivy Bridge, Intel Sandy Bridge, or older.
Performance Impact :Significant slowdowns. Microsoft expects most users to notice the decrease in performance.
Windows Server On Any Intel CPU
Performance Impact :Significant slowdowns in any IO-intensive application.
Why The Difference In Performance Impact?
In the newer Intel processors (from the 2016 Skylake onwards), Intel refined the instructions used to disable branch speculation to be more specific to indirect branches. This reduces the performance impact of Spectre mitigation patches.
There is a larger performance impact with Windows 8 and Windows 7 because they have more user-kernel transitions. For example, all font rendering takes place in the kernel.
What Should You Do?
If you are using a newer Intel CPU like the Core i7-8700K with Windows 10, you can rest easy knowing that the performance impact of the Meltdown and Spectre patches to be minimal.
If you are using a newer Intel CPU with an older operating system like Windows 8 or Windows 7, you should consider upgrading to Windows 10. This would reduce the performance impact of the Meltdown and Spectre patches.
[adrotate group=”2″]
If you are using a pre-2016 Intel CPU with Windows 10, there is nothing much you can do except consider upgrading to a newer processor. You could possibly live with the performance impact of the Meltdown and Spectre patches.
If you are using a pre-2016 Intel CPU with an older operating system like Windows 8 or Windows 7, you can try upgrading to Windows 10 to reduce the performance impact of the Meltdown and Spectre patches.
If you are managing a Windows Server that uses Intel CPUs, you will need to balance the risk of leaving each Windows Server instance unprotected, against the significant performance impact of protecting it against Meltdown and Spectre.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
Samsung announced in June 2017 that they were killing off My Knox, replacing it with Samsung Secure Folder that ships with the Samsung Galaxy S8 / S8 Plus and Galaxy Note8 smartphones.
Secure Folder is compatible with the Samsung Galaxy S7 and Galaxy S7 edge smartphones that have been upgraded to Android 7.0 Nougat.
Updated @ 2017-12-22 : Revamped the article, adding a migration guide, and a final email from Samsung.
Updated @ 2017-11-16 : Added a new email from Samsung with a confirmed end-of-service date for My Knox.
Originally posted @ 2017-06-07
Samsung Kills My Knox
In early June 2017, Samsung announced that they’re killing My Knox, and replacing it with Secure Folder. The end-of-life date was set for 19 December 2017.
Beginning 20 December 2017, the My Knox app would no longer be available to download from the Google Play Store. The My Knox portal will also be disabled – you won’t be able to login.
Samsung replaced My Knox with their new Secure Folder solution. They promise that it is a superior solution.
Samsung Secure Folder
Samsung Secure Folder is a new security solution that leverages the defense-grade Samsung Knox security platform to create a private, encrypted space on a Samsung Galaxy smartphone running on Android 7.0 Nougat or better.
It is available in the Samsung Galaxy S8 / S8 Plus and Galaxy Note8 smartphones, but can be downloaded and installed in the Samsung Galaxy S7 and Galaxy S7 edge smartphones that have been upgraded to Android 7.0 Nougat.
As no Mobile Device Management (MDM) is required, it is suitable for both personal and business usage. Here are additional details :
Apps and data can be installed or created within Secure Folder, or moved there from outside.
Apps and data moved to Secure Folder are kept separate, leveraging SE for Android – preventing unauthorized communication between apps inside and outside.
Application data and files are encrypted with defense-grade Sensitive Data Protection (SDP) technology – using 256-bit AES cipher algorithm to secure data.
Data remains encrypted even after the user has exited Secure Folder or has turned off the device, and is decrypted when a user successfully authenticates himself / herself.
It can also be used alongside Knox Workspace, enabling two Knox container solutions at the same time.
This allows users to have access to both a dedicated work environment (Knox Workspace), as well as a secure personal area (Secure Folder).
[adrotate group=”1″]
How To Migrate From My Knox To Secure Folder
Fortunately, Samsung made it easy to migrate your private data from My Knox to Secure Folder. Here are the steps :
Log into the My Knox app
Go to My Knox Settings, and select Backup and restore.
Backup your My Knox data (you’ll need a Samsung account to do this).
Install and setup Secure Folder, if you have not already done so.
Log into Secure Folder.
Go to Secure Folder Settings, and select Backup and restore.
Select Restore (using the same Samsung account), and you’re done!
if you are worried about the dangers of backing up your encrypted data to the cloud (it is encrypted!), you can use this alternative method :
Log into the My Knox app.
Copy the data out into the Samsung smartphone, or a secure computer
Install and setup Secure Folder, if you have not already done so.
Move the data into Secure Folder.
Samsung My Knox Termination Chronology
In early June 2017, Samsung sent out this email to all registered Samsung users :
First Samsung warning about terminating My Knox
My Knox will no longer be available on new Samsung devices in 2017. You may continue your secure space experience by setting up Secure Folder, available now from Galaxy Apps.
Secure Folder runs on Android N OS or higher versions only. It leverages the defence-grade Samsung Knox security platform to create a private, encrypted space on your Samsung Galaxy phone. Applications and data moved to Secure Folder are partitioned separately on the device and gain an additional layer of security and privacy.
To seamlessly transfer your private content between solutions, please back up your My Knox data and restore it to Secure Folder. To back up your My Knox data, go to My Knox settings > Backup and restore. Remember, a Samsung account is required to use this feature.
You can restore the backup data after setting up Secure Folder. Go to Secure Folder settings > Backup and restore > Restore.
You may use My Knox until its end-of-service date (which will be announced soon). However, be aware that we will not be actively maintaining the service or adding new features.
This was followed by this email on 15 November 2017, revealing its end-of-service date as 19 December 2017.
Samsung confirms end-of-life date for the My Knox service
Dear customers,
Thank you for using My Knox.
As previously announced, we will end support for My Knox on 19th December 2017. You will not be able to download My Knox from any app store after the end-of-service date.
You may use My Knox on your mobile device until you uninstall the application. However, you will be unable to log in to the My Knox portal to remotely manage your device (e.g. to reset your My Knox password or unlock My Knox).
If you have a phone that runs the Android N OS, we recommend transferring your private data in My Knox to Secure Folder, available at Google Play or Galaxy Apps, and on new Samsung phones such as the Galaxy Note 8. We also recommend backing up your My Knox data first, and restoring the data after you set up Secure Folder.
To back up My Knox data, go to My Knox Settings > Backup and restore > Back up My Knox data. Please note that a Samsung account is required to use the My Knox backup and restore feature.
If your phone does not support Secure Folder, then please back up the content to outside My Knox (e.g. using the Move to Personal mode feature).
For more information regarding My Knox termination, please visit My Knox FAQ .
We hope you have enjoyed your experience with My Knox. Samsung is committed to continuous innovation to provide you with the highest-quality products and services.
This final email was sent on 20 December 2017, noting that My Knox is now terminated :
The final Samsung email on the termination of the My Knox service
Dear customers,
Thank you for using My Knox.
As previously announced, we will terminate the My Knox service on 19th December 2017. You will not be able to download My Knox from any app store from then on. You will also be unable to log in to the My Knox portal to remotely manage your device.
You may use My Knox on your mobile device until you uninstall the application. However we highly recommend you to back up your data or move it to outside My Knox.
If your phone supports Secure Folder, we recommend transferring your private data in My Knox to Secure Folder, available at Google Play or Galaxy Apps, and on new Samsung phones such as the Galaxy Note 8. We also recommend backing up your My Knox data first, and restoring the data after you set up Secure Folder.
To back up My Knox data, go to My Knox Settings > Backup and restore > Back up My Knox data. Please note that a Samsung account is required to use the My Knox backup and restore feature.
However, if your phone does not support Secure Folder, then please back up the content to outside My Knox (e.g. using the Move to Personal mode feature).
We hope you have enjoyed your experience with My Knox. Thank you for using our service.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
ASUS just revealed the ASUS ZenFone Max Plus M1 smartphone, which boasts a 5.7″ full-screen display with a 18:9 aspect ratio and a dual-lens camera system. Here is everything you need to know about the new ASUS ZenFone Max Plus M1 smartphone!
The ASUS ZenFone Max Plus M1 (ZB570TL)
Also known as the ASUS Pegasus 4S in China, the ASUS ZenFone Max Plus M1 has a model number of ZB570TL or ASUS X018D. It has a 18:9 ultra-wide screen display, and a 81.5% screen-to-body ratio. This allows ASUS to fit a 5.7″ display into a 5.2″ form factor.
It is powered by an mid-range MediaTek MT6750T SoC, and comes with 4GB of RAM and up to 64GB of storage. It also has a dedicated slot for a microSD card (up to 256GB), and two nanoSIM slots. All of that is powered by a 4,130 mAh battery with reverse charging capability.
Like the ZenFone 4 Max Pro, the ZenFone Max Plus has a dual-lens camera at the back. But this time, ASUS chose to use a 16 MP + 8 MP combo. The main camera has a 16 MP sensor with f/2.0 lens, while the wide-angle camera has an 8 MP sensor with 120° lens.
Instead of a 16 MP camera in the ZenFone 4 Max Pro, ASUS went with an 8 MP front camera with f/2.2 lens in the ZenFone Max Plus.
The ASUS ZenFone Max Plus M1 Specifications
Specifications
ASUS ZenFone 4 Max Plus M1
Model
ZB570TL
Display
5.7" Full HD+ display with 2.5D curved edge
- 720 x 1440 pixels
Operating System
ZenUI 4.1 (Android 7.0)
System Platform
MediaTek MT6750T
Processor
4 x ARM Cortex-A53 cores (1.5 GHz)
4 x ARM Cortex-A53 cores (1.0 GHz)
4,130 mAh lithium-ion battery
- with Reverse Charging feature
Dimensions
72.7 mm wide
152.6 mm tall
8.8 mm thick
Weight
160 g
Price & Availability
Locally, the ASUS ZenFone Max Plus M1 was just approved by SIRIM, but ASUS confirmed that it will be ready for purchase / delivery starting 20 December 2017. In the meantime, you can pre-order the ZenFone Max Plus M1 at a very, very special price.
The ASUS ZenFone Max Plus M1 will have a recommended retail price of RM 899 / ~US$ 219. But during the pre-order period, ASUS will offer a limited quantity with a discount or Lazada coupon worth RM 200 / ~US$ 49!
[adrotate group=”2″]
Offline Pre-Order Offer
Duration : 14-19 December 2017 Collection : 20 December 2017 Offer : Get a RM 200 rebate when you trade in a mobile phone (working or non-working). A deposit of RM 100 will have to be placed.
Lazada Pre-Order Offer
Duration : 14-19 December 2017 Collection : 22 December 2017 Offer : Get a RM 200 Lazada discount voucher when you purchase the ZenFone Max Plus M1 using this pre-order purchase link. trade in a mobile phone (working or non-working). Each account can only purchase a maximum of two (2) units.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
AMD has been on a yearly update cycle of Radeon Software, ever since they introduced the first version – Crimson Edition on 2 November 2015. This was followed by the Crimson ReLive Edition on 9 December 2016. On 12 December 2017, they introduced the third iteration – Radeon Software Adrenalin Edition.
In addition to enhanced performance, there are over 30 new or improved features in Adrenalin Edition. So join us for a tour of what’s new and what’s improved in the new AMD Radeon Software Adrenalin Edition!
AMD Radeon Software Adrenalin Edition
The AMD Radeon Software Adrenalin Edition is named after the Adrenalin Rose, not the hormone adrenaline (also known as epinephrine). That’s Adrenalin without the e. The Adrenalin Rose is a rich velvet red rose with long thornless stems and deep green foliage.
Before we go into the details, here is a summary of the new features being introduced in Radeon Software Adrenalin Edition :
Radeon Overlay
Radeon Overlay allows gamers to fine-tune their game experience, and monitor, record and share their gameplay without ever leaving the game. It provides one-click access to Radeon ReLive, Performance Monitoring, Radeon Chill, Frame Rate Target Control (FRTC), Radeon FreeSync and Color settings.
AMD Link Mobile App
Available for Android and iOS platforms, the AMD Link is a mobile app that complements Radeon Software on the desktop, at home as a convenient second screen, or on the go. The AMD Link dashboard features streaming and replay with Radeon ReLive, GPU and PC performance monitoring, an AMD news feed, and notifications for new driver releases.
Improved Radeon Software Core Technologies
Radeon ReLive : Radeon ReLive now includes a chat integration feature that allows gamers to engage with their communities while streaming on Facebook, Twitch, Mixer, YouTube, Weibo and more.
Radeon Chill : With Radeon Software Adrenalin Edition, Radeon Chill now supports games based on the Vulkan API, along with DirectX 9, 10, 11, and 12.
Radeon WattMan : With Radeon Software Adrenalin Edition, custom GPU profiles can be saved, reloaded at a later point and shared with the Radeon user community
Enhanced Sync : With improved compatibility and an even wider field of view, Enhanced Sync extends its support to Vulkan API-based games, Radeon GCN architecture-based products, Multi-GPU and AMD Eyefinity Technology.
Operating System Support
The AMD Radeon Software Adrenalin Edition will support Windows 10 and Windows 7. AMD no longer supports Windows 8, but says that the Windows 7 driver works perfectly fine in Windows 8.
The Adrenalin Edition In Detail
If you want more in-depth details on Radeon Software Adrenalin Edition, we split them up into separate sections :
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
The Adrenalin Edition Performance Boost
The Adrenalin Edition is not meant to be a “performance driver update”. In fact, Terry Makedon was amused to read claims that AMD promised big performance update after the Adrenalin Edition name was revealed. That was probably because they mistakenly thought the name was based on the hormone adrenaline…
He clarified that performance optimisation is an on-going concern, with a focus on getting specific optimisations out in time for new game launches. There will be general performance optimisations that will be delivered over the year. But AMD won’t be holding back optimisations just to deliver a major driver update with large performance boost.
With that in mind, this chart does not show a sudden performance boost with Adrenalin Edition. Instead, it shows the cumulative performance gains since the last major release – Crimson ReLive Edition.
They also managed to reduce latency across the board in all DirectX 11 titles.
Borderless Windowed Multi-GPU Support
The Radeon Software Adrenalin Edition introduces a new Borderless Windows Multi-GPU Support, to complement the existing Fullscreen Multi-GPU Support.
Frame Rate Target Control Now Supports Vulkan
Frame Rate Target Control reduces GPU power draw by throttling it to maintain a 60 fps limit. It now supports Vulkan.
[adrotate group=”1″]
Compute Profiles
Compute Profiles was released in an optional update a few weeks ago, and is now part of Adrenalin Edition. The Compute Profile optimises workloads on the GPU to deliver better compute performance for cryptocurrency mining.
In this example, they quoted a 15% boost in Ethereum mining performance with the Compute Profile over the default Gaming Profile on a Radeon RX 570 graphics card.
Radeon Software For Linux
AMD will start offering a single suite containing both open- and closed-source software stacks for Radeon Software. You will be able to choose between the consumer (AMDGPU) or workstation (AMDGPU-PRO) drivers, with the flexibility to mix-and-match open- and closed-source components.
AMD is working to deliver an open-source AMD Vulkan driver for Linux.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
Improved Core Radeon Technologies
Radeon WattMan
The Radeon WattMan is the power management tool that doubles as an overclocking / underclocking tool. In Adrenalin Edition, custom GPU profiles can be saved, reloaded at a later point and shared with the Radeon user community
Radeon Chill
Radeon Chill saves power by dynamically regulating the frame rate based on your in-game movements. With Adrenalin Edition, Radeon Chill now supports games based on the Vulkan API, along with DirectX 9, 10, 11, and 12.
In addition, Radeon Chill now supports a lot more games. Radeon Chill used to work on a whitelist concept – it will only support games that have been profiled and tested. Thanks to improved algorithms and other changes, AMD is switching it to a blacklist concept.
With Adrenalin Edition, Radeon Chill will now work with all games. But if AMD discovers that Chill does not work properly with a certain game, it goes into the blacklist so Radeon Chill won’t run on it. Currently, there are no games in the blacklist.
[adrotate group=”1″]
Enhanced Sync
Think of Enhanced Sync as pseudo-FreeSync, minimising screen tearing with non-FreeSync monitors. With Adrenalin Edition, Enhanced Sync is now enabled on all Radeon GCN-based graphics cards, and supports all Vulkan API-based games. They also added support for Multi-GPU and AMD Eyefinity Technology.
Radeon ReLive
Radeon ReLive now has a Connect section, which serves as a control center for your Radeon ReLive video library. In addition to browsing your recorded videos, you can queue and share them on social media.
Radeon ReLive will now allow you to integrate chats from Twitch, Facebook, Mixer, YouTube, Weibo and more, to your game play.
AMD has also reduced the performance impact of Radeon ReLive. Note that these examples are from an AMD Radeon RX Vega 56 graphics card.
With Adrenalin Edition, Radeon ReLive will also supports games based on the Vulkan API.
Radeon ReLive will also come with support for :
Borderless Region Capture – allowing you to capture only what you want to share, instead of the entire screen.
Chroma Key – allowing you to remove your background in your webcam or video stream
AMD Eyefinity Technology – allowing you to capture your game play across multiple monitors
separate audio tracks – recording mic audio separately from the game audio, for easier mixing and editing later
Radeon FreeSync & Themes
With Adrenalin Edition, you can now enable or disable Radeon FreeSync on a per-game basis. And Radeon Settings will have three UI theme options – Yellow, Crimson and Blue.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
Radeon Overlay
Radeon Overlay allows you to access Radeon ReLive, Performance Monitoring, Radeon Chill, Frame Rate Target Control (FRTC), Radeon FreeSync and Color settings from within the game. Just press Alt+R to activate Radeon Overlay. This key combination, incidentally, can be changed.
Performance Monitoring and Recording
Radeon ReLive
Radeon Chill
Radeon FreeSync
Frame Rate Target Control
Color Settings
[adrotate group=”1″]
AMD Link
Available for Android and iOS platforms, the AMD Link is a mobile app that complements Radeon Software on the desktop, at home as a convenient second screen, or on the go.
You can link multiple PCs to AMD Link using a simple QR code, or you can do it manually. However, your mobile devices must (at least in this version) be on the same network as your computer.
The AMD Link dashboard features streaming and replay with Radeon ReLive, GPU and PC performance monitoring, an AMD news feed, and notifications for new driver releases.
AMD Link is now available on both the Apple App Store and Google Play. It supports smartphones and tablets running on iOS 10 (or better), and Android 5.0 (or better).
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
Adrenalin Edition Summary
In summary, the Radeon Software Adrenalin Edition is a checkpoint when it comes to performance. Performance improvements is a continuous process, with Adrenalin Edition delivering up to 15% better performance compared to Crimson ReLive Edition a year ago.
More important are the 30+ new or enhanced features being introduced in Adrenalin Edition.
The summary includes three infographics created by Sasa Marinkovic and his team.
[adrotate group=”1″]
The Complete Set Of Adrenalin Edition Slides
Here is the complete set of Radeon Software Adrenalin Edition slides, minus the legal boilerplate.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
NVIDIA CEO Jensen Huang (recently anointed as Fortune 2017 Businessperson of the Year) made as surprise reveal at the NIPS conference – the NVIDIA TITAN V. This is the first desktop graphics card to be built on the latest NVIDIA Volta microarchitecture, and the first to use HBM2 memory.
In this article, we will share with you everything we know about the NVIDIA TITAN V, and how it compares against its TITANic predecessors. We will also share with you what we think could be a future NVIDIA TITAN Vp graphics card!
Updated @ 2017-12-10 : Added a section on gaming with the NVIDIA TITAN V [1].
Originally posted @ 2017-12-09
NVIDIA Volta
NVIDIA Volta isn’t exactly new. Back in GTC 2017, NVIDIA revealed NVIDIA Volta, the NVIDIA GV100 GPU and the first NVIDIA Volta-powered product – the NVIDIA Tesla V100. Jensen even highlighted the Tesla V100 in his Computex 2017 keynote, more than 6 months ago!
Yet there has been no desktop GPU built around NVIDIA Volta. NVIDIA continued to churn out new graphics cards built around the Pascal architecture – GeForce GTX 1080 Ti and GeForce GTX 1070 Ti. That changed with the NVIDIA TITAN V.
NVIDIA GV100
The NVIDIA GV100 is the first NVIDIA Volta-based GPU, and the largest they have ever built. Even using the latest 12 nm FFN (FinFET NVIDIA) process, it is still a massive chip at 815 mm²! Compare that to the GP100 (610 mm² @ 16 nm FinFET) and GK110 (552 mm² @ 28 nm).
That’s because the GV100 is built using a whooping 21.1 billion transistors. In addition to 5376 CUDA cores and 336 Texture Units, it boasts 672 Tensor cores and 6 MB of L2 cache. All those transistors require a whole lot more power – to the tune of 300 W.
[adrotate group=”1″]
The NVIDIA TITAN V
That’s V for Volta… not the Roman numeral V or V for Vendetta. Powered by the NVIDIA GV100 GPU, the TITAN V has 5120 CUDA cores, 320 Texture Units, 640 Tensor cores, and a 4.5 MB L2 cache. It is paired with 12 GB of HBM2 memory (3 x 4GB stacks) running at 850 MHz.
The blowout picture of the NVIDIA TITAN V reveals even more details :
It has 3 DisplayPorts and one HDMI port.
It has 6-pin + 8-pin PCIe power inputs.
It has 16 power phases, and what appears to be the Founders Edition copper heatsink and vapour chamber cooler, with a gold-coloured shroud.
There is no SLI connector, only what appears to be an NVLink connector.
Here are more pictures of the NVIDIA TITAN V, courtesy of NVIDIA.
Can You Game On The NVIDIA TITAN V? New!
Right after Jensen announced the TITAN V, the inevitable question was raised on the Internet – can it run Crysis / PUBG?
The NVIDIA TITAN V is the most powerful GPU for the desktop PC, but that does not mean you can actually use it to play games. NVIDIA notably did not mention anything about gaming, only that the TITAN V is “ideal for developers who want to use their PCs to do work in AI, deep learning and high performance computing.”
[adrotate group=”2″]
In fact, the TITAN V is not listed in their GeForce Gaming section. The most powerful graphics card in the GeForce Gaming section remains the TITAN Xp.
Then again, the TITAN V uses the same NVIDIA Game Ready Driver as GeForce gaming cards, starting with version 388.59. Even so, it is possible that some or many games may not run well or properly on the TITAN V.
Of course, all this is speculative in nature. All that remains to crack this mystery is for someone to buy the TITAN V and use it to play some games!
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
The NVIDIA TITAN V Specification Comparison
Let’s take a look at the known specifications of the NVIDIA TITAN V, compared to the TITAN Xp (launched earlier this year), and the TITAN X (launched late last year). We also inserted the specifications of a hypotheticalNVIDIA TITAN Vp, based on a full GV100.
Specifications
Future TITAN Vp?
NVIDIA TITAN V
NVIDIA TITAN Xp
NVIDIA TITAN X
Microarchitecture
NVIDIA Volta
NVIDIA Volta
NVIDIA Pascal
NVIDIA Pascal
GPU
GV100
GV100
GP102-400
GP102-400
Process Technology
12 nm FinFET+
12 nm FinFET+
16 nm FinFET
16 nm FinFET
Die Size
815 mm²
815 mm²
471 mm²
471 mm²
Tensor Cores
672
640
None
None
CUDA Cores
5376
5120
3840
3584
Texture Units
336
320
240
224
ROPs
NA
NA
96
96
L2 Cache Size
6 MB
4.5 MB
3 MB
4 MB
GPU Core Clock
NA
1200 MHz
1405 MHz
1417 MHz
GPU Boost Clock
NA
1455 MHz
1582 MHz
1531 MHz
Texture Fillrate
NA
384.0 GT/s
to
465.6 GT/s
355.2 GT/s
to
379.7 GT/s
317.4 GT/s
to
342.9 GT/s
Pixel Fillrate
NA
NA
142.1 GP/s
to
151.9 GP/s
136.0 GP/s
to
147.0 GP/s
Memory Type
HBM2
HBM2
GDDR5X
GDDR5X
Memory Size
NA
12 GB
12 GB
12 GB
Memory Bus
3072-bit
3072-bit
384-bit
384-bit
Memory Clock
NA
850 MHz
1426 MHz
1250 MHz
Memory Bandwidth
NA
652.8 GB/s
547.7 GB/s
480.0 GB/s
TDP
300 watts
250 watts
250 watts
250 watts
Multi GPU Capability
NVLink
NVLink
SLI
SLI
Launch Price
NA
US$ 2999
US$ 1200
US$ 1200
The NVIDIA TITAN Vp?
In case you are wondering, the TITAN Vp does not exist. It is merely a hypothetical future model that we think NVIDIA may introduce mid-cycle, like the NVIDIA TITAN Xp.
Our TITAN Vp is based on the full capabilities of the NVIDIA GV100 GPU. That means it will have 5376 CUDA cores with 336 Texture Units, 672 Tensor cores and 6 MB of L2 cache. It will also have a higher TDP of 300 watts.
[adrotate group=”1″]
The Official NVIDIA TITAN V Press Release
December 9, 2017—NVIDIA today introduced TITAN V, the world’s most powerful GPU for the PC, driven by the world’s most advanced GPU architecture, NVIDIA Volta .
Announced by NVIDIA founder and CEO Jensen Huang at the annual NIPS conference, TITAN V excels at computational processing for scientific simulation. Its 21.1 billion transistors deliver 110 teraflops of raw horsepower, 9x that of its predecessor, and extreme energy efficiency.
“Our vision for Volta was to push the outer limits of high performance computing and AI. We broke new ground with its new processor architecture, instructions, numerical formats, memory architecture and processor links,” said Huang. “With TITAN V, we are putting Volta into the hands of researchers and scientists all over the world. I can’t wait to see their breakthrough discoveries.”
NVIDIA Supercomputing GPU Architecture, Now for the PC
TITAN V’s Volta architecture features a major redesign of the streaming multiprocessor that is at the center of the GPU. It doubles the energy efficiency of the previous generation Pascal design, enabling dramatic boosts in performance in the same power envelope.
New Tensor Cores designed specifically for deep learning deliver up to 9x higher peak teraflops. With independent parallel integer and floating-point data paths, Volta is also much more efficient on workloads with a mix of computation and addressing calculations. Its new combined L1 data cache and shared memory unit significantly improve performance while also simplifying programming.
Fabricated on a new TSMC 12-nanometer FFN high-performance manufacturing process customised for NVIDIA, TITAN V also incorporates Volta’s highly tuned 12GB HBM2 memory subsystem for advanced memory bandwidth utilisation.
Free AI Software on NVIDIA GPU Cloud
[adrotate group=”2″]
TITAN V’s incredible power is ideal for developers who want to use their PCs to do work in AI, deep learning and high performance computing.
Users of TITAN V can gain immediate access to the latest GPU-optimised AI, deep learning and HPC software by signing up at no charge for an NVIDIA GPU Cloud account. This container registry includes NVIDIA-optimised deep learning frameworks, third-party managed HPC applications, NVIDIA HPC visualisation tools and the NVIDIA TensorRT inferencing optimiser.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
David Rajoo, Director of Systems Engineering, Symantec Malaysia, reveals the Symantec 2018 Cybersecurity Predictions. They will help CIOs and cybersecurity experts prepare for the onslaught of cybersecurity threats in 2018.
The Symantec 2018 Cybersecurity Predictions
This past year, cyber criminals caused major service disruptions around the world, using their increasing technical proficiency to break through cyber defenses. In 2018, we expect the trend to become more pronounced as these attackers will use machine learning and artificial intelligence to launch even more potent attacks.
Gear up for a busy year ahead. Incidents like the WannaCry attack, which impacted more than 200,000 computers worldwide in May, are just the warmup to a new year of more virulent malware and DDoS attacks. Meanwhile, cyber criminals are poised to step up their attacks on the millions of devices now connected to the Internet of Things both in offices and homes.
The cybersecurity landscape in 2018 is sure to surprise us in ways that we never imagined. As 2017 draws to a close, here is what you can expect over the course of the upcoming year:
The Symantec 2018 Cybersecurity Predictions Part 1/3
Blockchain Will Find Uses Outside Of Cryptocurrencies But Cyber criminals Will Focus On Coins and Exchanges
Blockchain is finally finding applications outside of crypto-currencies, expanding its functions in inter-bank settlements with the help of IoT gaining traction. However, these use cases are still in their infancy stage and are not the focus for most cyber criminals today.
Instead of attacking Blockchain technology itself, cyber criminals will focus on compromising coin-exchanges and users’ coin-wallets since these are the easiest targets, and provide high returns. Victims will also be tricked into installing coin-miners on their computers and mobile devices, handing their CPU and electricity over to cyber criminals.
Cyber criminals Will Use Artificial Intelligence (AI) & Machine Learning (ML) To Conduct Attacks
No cyber security conversation today is complete without a discussion about AI and ML. So far, these conversations have been focused on using these technologies as protection and detection mechanisms. However, this will change in the next year with AI and ML being used by cyber criminals to conduct attacks.
It is the first year where we will see AI versus AI in a cybersecurity context. Cyber criminals will use AI to attack and explore victims’ networks, which is typically the most labour-intensive part of compromise after an incursion.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
The Symantec 2018 Cybersecurity Predictions Part 2/3
Supply Chain Attacks Will Become Mainstream
Supply chain attacks have been a mainstay of the classical espionage and signals-intelligence operators, compromising upstream contractors/systems/companies and suppliers. They are proven to have a high-level of effectiveness, with nation-state actors using a mix of human intelligence to compromise the weakest link in the chain.
These attacks are moving into the cybercriminal space, becoming mainstream. With publicly available information on suppliers, contractors, partnerships and key-people, cyber criminals can find victims in the supply chain and attack the weakest link. With a number of high profile successful attacks in 2016 and 2017, cyber criminals will focus on this method in 2018.
File-less and File-light Malware Will Explode
2016 and 2017 have seen consistent growth in the amount of file-less and file-light malware, with attackers capitalising organizations that lack in preparation against such threats. With fewer Indicators of Compromise (IoC), use of the victims’ own tools, and complex disjointed behaviours, these threats have been harder to stop, track and defend against in many scenarios.
Like the early days of ransomware, where early success by a few cyber criminals triggered a gold-rush like mentality, more cyber criminals are now rushing to use these same techniques. Although file-less and file-light malware will still be outnumbered by orders-of-magnitude as traditional style malware, they will pose a significant threat and lead to an explosion in 2018.
[adrotate group=”1″]
Organisations Will Still Struggle With Security-as-a-Service (SaaS) Security
Adoption of SaaS continues to grow at an exponential rate as organizations embark on digital transformation projects to drive business agility. This rate of change and adoption presents many security challenges as access control, data control, user behaviour and data encryption vary significantly between SaaS apps. While this is not new and many of the security problems are well understood, organizations will continue to struggle with all these in 2018.
Combined with new privacy and data protections laws adopted by regulators across the world, these will pose major implications in terms of penalties, and more importantly, reputational damage.
Organisations Will Still Struggle With Infrastructure-as-a-Service (IaaS) Security – More Breaches Due to Error, Compromise & Design
IaaS has completely changed the way organisations run their operations, offering massive benefits in agility, scalability, innovation and security. It also introduces significant risks, with simple errors that can expose massive amount of data and take down the entire system.
While security controls above the IaaS layer are customer’s responsibility, traditional controls do not map well – leading to confusion, errors and design issues with ineffective or inappropriate controls being applied, while new controls are ignored. This will lead to more breaches throughout 2018 as organizations struggle to shift their security programs to be IaaS effective.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
The Symantec 2018 Cybersecurity Predictions Part 3/3
Financial Trojans Will Still Account For More Losses Than Ransomware
Financial Trojans were some of the first pieces of malware to be monetised by cyber criminals. From simple beginnings as credential harvesting tools, they have since evolved to advanced attack frameworks that target multiple banks, and banking systems that send shadow transactions and hide their tracks. They have proven to be highly profitable for cyber criminals.
Today the move to mobile application-based banking has curtailed some of the effectiveness, so cyber criminals are now moving their attacks to these platforms. Cyber criminals’ profits from Financial Trojans is expected to grow, giving them higher gains as compared to Ransomware attacks.
Expensive Home Devices Will Be Held To Ransom
Ransomware has become a major problem and is one of the scourges of the modern Internet, allowing cyber criminals to reap huge profits by locking up users’ files and systems. The gold-rush mentality has not only pushed more and more cyber criminals to distribute ransomware, but also contributed to the rise of Ransomware-As-A-Service and other specializations in the cyber criminal underworld.
These specialists are now looking to expand their attack reach by exploiting the massive increase in expensive connected home devices. Smart TVs, smart toys and other smart appliances can run into thousands of dollars and users are generally not aware of the threats to these devices, making them an attractive target for cyber criminals.
[adrotate group=”1″]
IoT Devices Will Be Hijacked and Used in DDoS Attacks
In 2017, we have seen massive DDoS attacks using hundreds of thousands of compromised IoT devices in people’s homes and workplaces to generate traffic. This is not expected to change with cyber criminals looking to exploit the poor security settings and management of home IoT devices.
Furthermore, the inputs and sensors of these devices will also be hijacked, with attackers feeding audio, visual or other faked inputs to make these devices do what they want rather than what users expect them to do.
IoT Devices Will Provide Persistent Access to Home Networks
Beyond DDoS attacks and ransomware, home IoT devices will be compromised by cyber criminals to provide persistent access to a victim’s network. Home users generally do not consider the cyber security implications of their home IoT devices, leaving default settings and not vigilantly updating them like they do with their computers.
Persistent access means that no matter how many times a victim cleans their machine or protects their computer, the attacker will always have a backdoor into victims’ network and the systems that they connect to.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
The AMD Radeon Technologies Group have gotten ensnared in a little bit of controversy recently. They quietly introduced a “lite” version of the Radeon RX 560 with just 14 Compute Units about six months ago. That quiet addition of a cut-down version with no clear differentiation in name did not go unnoticed, and AMD was forced to quickly address the issue.
The AMD Radeon RX 560 With 14 Compute Units
When AMD introduced the Radeon RX 560, it was not just a rebranded Radeon RX 460. The RX 560 touted two additional Compute Units over the Rx 460. That gives the RX 560 a total of 1,024 stream processors – 128 more than the RX 460, with just 896 stream processors.
However, AMD later quietly introduced a “lite” version of the Radeon RX 560, with just 14 Compute Units. This would essentially be a rebranded Radeon RX 460, with 896 stream processors.
The only change AMD made was in the specifications section of the Radeon RX 560 product page. Even the banner still quotes the original 16 CU specification!
So it would be easy for anyone to continue believing that all Radeon RX 560 graphics cards were created equal – with 1,024 stream processors.
AMD On The Radeon RX 560 With 14 Compute Units
Tom’s Hardware pressed AMD on this issue, and received this statement from a company representative :
There are two variants of AMD Radeon RX 560. End users will definitely need to double check specs on variants.
Typically the RX560 14 CU version will sell lower than 16 CU version, [and the] 14 CU version will have lower power consumption.
This allows our GPU partners to offer differentiation between different SKUs for different power and pricing segments.
AMD also clarified that they will be leaving it to their AIB partners to disclose the number of CUs in their Radeon RX 560 product (or not), it is truly caveat emptor to anyone buying one of these cards. That naturally resulted in an online uproar.
[adrotate group=”1″]
A day later, AMD backtracked on leaving it to their AIB partners for disclosure. They issued a new statement :
It’s correct that 14 Compute Unit (896 stream processors) and 16 Compute Unit (1024 stream processor) versions of the Radeon RX 560 are available. We introduced the 14 CU version this summer to provide AIBs and the market with more RX 500 series options.
It’s come to our attention that on certain AIB and e-tail websites there’s no clear delineation between the two variants.
We’re taking immediate steps to remedy this: we’re working with all AIB and channel partners to make sure the product descriptions and names clarify the CU count, so that gamers and consumers know exactly what they’re buying.
We apologize for the confusion this may have caused.
While that is a relief for potential buyers of the Radeon RX 560 going forward, those who purchased their RX 560 cards in the last 6 months will be wondering if they have the “full” or “lite” version of the Radeon RX 560.
How Many CUs Does My Radeon RX 560 Have?
If you purchased a Radeon RX 560 in the last 6 months, it may come with 14 CUs instead of 16 CUs. How do you check?
Simple – download and run GPU-Z. It will tell you how many Compute Units your Radeon RX 560 has.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
Lemi Orhan Ergin did not give Apple any forewarning when he publicly revealed the massive macOS root bug on Twitter. He basically exposed a zero-day vulnerability for hackers to use, while Apple rushed on a bug fix. The good news is Apple just issued the root bug fix in Security Update 2017-001.
This is really fast work, but it also showed their sloppiness. Hopefully, the bug fix does not introduce additional bugs!
macOS Security Update 2017-001
[adrotate group=”2″]
Apple released macOS Security Update 2017-001 just a day after the macOS root bug was revealed. They also gave us more information on the bug that caused so much ruckus around the world (and rightly so).
The bug only affected macOS High Sierra 10.13.1.
The bug did not affect computers running macOS Sierra 10.12.6 or earlier.
They confirmed that it allowed an attacker to “bypass administrator authentication without supplying the administrator’s password“.
The macOS root bug fix is now available for download via the App Store. If it doesn’t appear yet, just click on the Updates icon to refresh.
Please note that this bug fix will reset and disable the root user account. If you need to use the root user account, you will need to re-enable it, and change its password, after applying the update.
Terminal Users, Watch Out!
If you’re using Terminal to update though, you may face some complications due to Apple’s sloppiness. Chai discovered that Apple accidentally used a space instead of the version number.
This is not an issue if you are downloading the patch through the App Store. But if you’re applying the patch via Terminal, you need to add a space.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
The Internet is abuzz with the shocking revelation that now everyone can hack an Apple computer… as long as it’s using the latest macOS High Sierra operating system. Let us explain what’s going on, and share with you the workaround for the macOS High Sierra root bug.
Updated @ 2017-11-30 : Added a new section on the Apple bug fix (Security Update 2017-001) [1], and additional information on the root bug [2].
Originally posted @ 2017-11-29
What Is Root User?
If you are the primary user of a MacOS X system, you have an administrator account with administrator privileges. This gives you more privileges and access than a standard user account. However, that is not the highest access level possible.
There is a Mac superuser account called “root” that gives you elevated read and write privileges to hidden or protected areas of the system. With the Mac root user account, you can even access files in other user accounts.
In fact, it gives you such God-like powers, you can modify or even delete critical system files. In fact, a Mac root user can use the rm -rf * command to delete the contents of every mounted drive in the computer, until macOS crashes when a crucial file or folder is deleted.
So this Mac root user account should only remain disabled unless you really, REALLY need to use it.
On Tuesday, 28 November 2017, Turkish software developer Lemi Orhan Ergin revealed the macOS High Sierra root bug. With a few simple steps, anyone can gain elevated root user privileges in any computer running macOS High Sierra! Here is a summary of what we know about the root bug :
The root bug exploit requires a computer running macOS High Sierra, with multiple user accounts.
When prompted for a username and password, use these steps to gain root user access without any password :
Type “root” as the username and leave the password field blank.
Just click “Unlock” twice.
The root bug cannot be exploited remotely, unless screen sharing is enabled.
The root bug was introduced in macOS High Sierra 10.13.1. Earlier versions of macOS were not affected.
Apple confirmed that the bug was due to “a logic error… in the validation of credentials“.
Apple also confirmed that the bug would allow an attacker to “bypass administrator authentication without supplying the administrator’s password“.
Several security researchers successfully replicated the bug.
The macOS High Sierra root bug is EXTREMELY serious, because it allows a hacker to easily bypass all of the macOS operating system’s security protections.
It doesn’t matter if you encrypted your computer, and secured it with an extremely long and complex password. Anyone who gains root user privileges using this bug can access (read, copy or move) the files in any user account (even those of an administrator) without knowing the password.
What’s even more troubling is that the root bug works even with a disabled root user account. This means the vast majority of Apple computers running on High Sierra are compromised, as the root user account is disabled by default.
How To Fix The Root Bug?
Unlike other security researchers, Lemi Orhan Ergin did not forewarn Apple before publicly revealing the bug, on Twitter no less. He basically exposed a zero-day vulnerability for hackers to use, while Apple rushes to fix the bug.
1. Install macOS Security Update 2017-001 New!
Apple just released Security Update 2017-001. This update will remove the root bug and improve credential validation. INSTALL THIS UPDATE NOW!
Note : This bug fix will reset and disable the root user account. If you need to use the root user account, you will need to re-enable it, and change its password, after applying the update.
Note : Apple rushed out this update so quickly that they accidentally used a space instead of the version number. You can read more about this in our article – Apple Rushed Out macOS Root Bug Fix & It Shows…
This is not an issue if you are downloading the patch through the App Store. But if you’re applying the patch via Terminal, you need to add a space.
Alternatively, you can opt to move your sensitive data to encrypted containers or drives using third-party encryption utilities like VeraCrypt. Hackers may use the High Sierra root bug to gain access to the encrypted containers or drives, but without the correct password, the actual data won’t be accessible.
4. Physically Protect Your Apple Computer
The good news is the High Sierra root bug generally requires physical access to your Apple computer. Until this bug is fixed, you should make sure your Apple computer is never left unsupervised.
Keep it in a locked room or bag, whenever you are not using it. If no one can get to it, they cannot use the bug to gain root access.
5. Disable Screen Sharing
The High Sierra root bug can be exploited remotely if Screen Sharing is enabled. So make sure you disable Screen Sharing.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
Machines Sdn Bhd (Machines) just launched a device protection plan for customers in Malaysia. Known as the Machines Protection Plan (MPP), this plan provides protection from accidental damage such as cracked screens and water damage for as low as 42 sen per day.
The Machines Protection Plan
The Machines Protection Plan (MPP) allows customers to enjoy one (1) screen replacement or one (1) full device replacement during the two (2) year coverage period. The MPP price ranges from RM 299 – RM 899 (~US$ 73-219), depending on the model of the protected device, and can be obtained at local Machines stores upon purchase of a new device.
The Machines Protection Plan (MPP) provides coverage for parts and labour cost. For a full device replacement claim, a service fee will be charged on top of the price for the MPP. For example, for an iPhone SE full device replacement, customers will need to pay a service fee of RM299 on top of the iPhone SE MPP cost of RM299.
[adrotate group=”2″]
A survey by Otterbox Inc. in 2015 stated that 29% of Malaysians accidentally damage their smartphones within the first three months of purchase. The same study also revealed that 75% of Malaysian smartphone users have damaged their devices almost 3 times in the past 5 years.
Machines has selected Aon Insurance Brokers (Malaysia) Sdn Bhd (Aon Malaysia) as its insurance broker to offer this device protection plan, underwritten by AIG Malaysia Insurance Berhad.
Machines is also working to extend the Machines Protection Plan to include new devices purchased from third parties, including telcos.
The Machines Protection Plan Price List
Device
MPP Price (inc. of GST)
Apple Watch
RM 299 / ~US$ 73
iPhone SE / 6
RM 299 / ~US$ 73
iPhone 6s / 6s Plus
RM 599 / ~US$ 146
iPhone 7 / 7 Plus
RM 599 / ~US$ 146
iPhone 8 / 8 Plus
RM 599 / ~US$ 146
iPhone X
RM 899 / ~US$ 219
Service Fee Table For Full Device Replacement
This “service fee” is an additional fee that must be paid for a full device replacement, as opposed to a repair or part replacement.
Device
Full Device Replacement Service Fee
(inc. GST)
Apple Watch
RM 249 / ~US$ 61
iPhone SE / 6
RM 299 / ~US$ 73
iPhone 6s / 6s Plus
RM 299 / ~US$ 73
iPhone 7 / 7 Plus
RM 299 / ~US$ 73
iPhone 8 / 8 Plus
RM 299 / ~US$ 73
iPhone X
RM 499 / ~US$ 122
[adrotate group=”1″]
How Much Will You Save?
If you have butter fingers and keep dropping your expensive iPhone, you will stand to save a lot of money.
Device
Regular Price for Screen Replacement
(inc. of GST)
Price for Screen Replacement under MPP
(inc. of GST)
iPhone SE / 6
RM 699 / ~US$ 170
No Charge
iPhone 6s / 7 / 8
RM 799 / ~US$ 195
No Charge
iPhone 6s Plus / 7 Plus / 8 Plus
RM 899 / ~US$ 219
No Charge
iPhone X
RM 1799 / ~US$ 439
No Charge
If you plan to hang onto your iPhone for many, many years, you will also save on the battery replacement cost.
Device
Regular Price for Battery Replacement
(inc. of GST)
Price for Battery Replacement under MPP
(inc. of GST)
iPhone SE
RM 399 / ~US$ 97
RM 49 / ~US$ 12
iPhone 6
RM 499 / ~US$ 122
RM 49 / ~US$ 12
iPhone 6s / 6s Plus
RM 399 / ~US$ 97
RM 49 / ~US$ 12
iPhone 7 / 7 Plus
RM 399 / ~US$ 97
RM 49 / ~US$ 12
iPhone 8 / 8 Plus
RM 399 / ~US$ 97
RM 49 / ~US$ 12
iPhone X
TBC
RM 49 / ~US$ 12
Please note that they will only replace your battery when it cannot be charged beyond 50% of its original capacity. In addition, you’re only allowed one battery repair or replacement, and that’s subject to the service fee above.
If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!
