Jan 26, 2018 - The WAN Show Document

[nicklmg]

 

 

Intel’s Meltdown/Spectre Fixes Saga

Source 1: posted by Evanair https://linustechtips.com/main/topic/888876-intel-recommends-not-patching-spectre-with-current-patch/

Source 2: https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/

 

• On January 11th, Intel was notified that the first patch they had issued for the Meltdown and Spectre vulnerabilities was causing random reboot issues

• It was later learned that the bug was affecting Haswell and Broadwell platforms.

• On On Jan 22 Intel made a blog post advising:

  • “that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions [of patches] , as they may introduce higher than expected reboots and other unpredictable system behavior”

 

Upcoming Intel CPUs to address Meltdown and Spectre vulnerabilities on silicon level

Source 1: posted by VegetableStu https://linustechtips.com/main/topic/890018-upcoming-intel-cpus-to-address-meltdown-and-spectre-vulnerabilities-on-sillicon-level/

Source 2: https://www.pcworld.com/article/3251171/components-processors/intels-plan-to-fix-meltdown-in-silicon-raises-more-questions-than-answers.html

 

• Intel chief executive Brian Krzanich told investors Thursday:

  • “Our near-term focus is on delivering high-quality mitigations to protect our customers’ infrastructure from these exploits.

  • We’re working to create silicon-based changes to future products, that will directly address the Spectre and Meltdown threats in hardware.

  • And those products will begin appearing later this year.”

• “I’ve assigned some of the very best minds at Intel to work through this,” Krzanich added.

 

Intel Hits 17-Year High on Sales Outlook

Source 1: https://www.bloomberg.com/news/articles/2018-01-26/intel-hits-17-year-high-on-sales-outlook-little-chip-fallout

Source 2:

 

• Intel announced its quarterly earnings this week, showing a 17-year high signaling optimism that demand will persist even as the industry scrambles to fix vulnerabilities in its PC and server chips.

• Intel repeated its assertion that chip flaws Meltdown and Spectre won’t have a material impact on its finances.

  • Forecasts didn’t budge after the potential exploits were made public in early January.

• Sales in the current period will be about $15 billion, plus or minus $500 million, and annual revenue will rise to a record $65 billion

  • It was a 20% sales jump in its data-center chip business that powered the quarter and will determine success for the foreseeable future.

• Intel shares jumped as much as 8.3 percent to $49.05 in New York on Friday, the highest since September 2000

  • The stock rose 27 percent in 2017

 

========================================================================

 

NEW RECORD: BIGGEST CRYPTO HACK EVER!

Source 1: https://www.coindesk.com/coincheck-confirms-crypto-hack-loss-larger-than-mt-gox/

Source 2: https://cointelegraph.com/news/coincheck-stolen-534-mln-nem-were-stored-on-low-security-hot-wallet

 

• Tokyo-based cryptocurrency exchange Coincheck has suffered the biggest hack in the history of the technology, losing around 500 million NEM coins worth $533 million.

  • That’s more than the amount stolen from Mt. Gox in 2014 (pegged at $340 million)

• The hackers have managed to steal the private key for the hot wallet where NEM coins were stored, enabling them to drain the funds.

  • The funds were being stored on a simple hot wallet rather than a much more secure multi-sig wallet.

• Coincheck claims that it knows the address where the stolen NEM is currently being stored by the hackers, and is hoping to be able to track the culprits.

• The price of the coin has fallen 13%

• Coincheck is looking into compensating its customers

• It was also revealed that Coincheck was not registered with Japan's Financial Services Agency, but now plans to do so.

 

Russian DNC Hackers were Hacked by...The Dutch!

Source 1: https://arstechnica.com/information-technology/2018/01/dutch-intelligence-hacked-video-cameras-in-office-of-russians-who-hacked-dnc/

Source 2:

 

• The world has learned that in 2014 The General Intelligence and Security Service of the Netherlands (AIVD) had hacked into a building at a Russian university that housed a hacking campaign now known as "Cozy Bear," one of the "threat groups" that would later target the Democratic National Committee.

• AIVD's intrusion gave them access to

  • computers used by the group behind Cozy Bear

  • And to the closed-circuit television cameras that watched over them- allowing them to literally witness everything that took place in the building

    • Access to the video cameras in a hallway outside the work space allowed the AIVD to get images of every person who entered the room and match them against known Russian intelligence agents and officials

• AIVD’s penetration into the Cozy Bear network lasted for more than a year.

• Based on the images, analysts at AIVD later determined that the group was operated by Russia’s Foreign Intelligence Service (SVR).

  • An information and sharing arrangement with the NSA resulted in the determination that Cozy Bear’s efforts were at least in part being driven by the Russian Federation’s leadership—including Russian President Vladimir Putin.

• The data collected by AIVD began to pay off in November of 2014, when the agency alerted US intelligence officials that the Cozy Bear group had obtained login credentials and email from US State Department employees.

  • This enabled the US to shut down the attack within 24 hours.

  • A later attack on the White House was also picked up by the AIVD analysts

 

New Google App Lets Anyone Publish a Local News Story (?)

Source 1: https://slate.com/technology/2018/01/google-is-testing-bulletin-an-app-that-would-let-anyone-publish-a-news-story.html

Source 2: https://posts.google.com/bulletin/share

 

• “Bulletin” is being described as “an app for contributing hyperlocal stories about your community, for your community, right from your phone.”

• The app should connect citizens with shared interests with “hyperlocal stories and events for people to share, that local media can take advantage of,”

  • “People everywhere want to know what is going on in their own backyard at a very local level, ranging from local bookstore readings to high school sporting events to information about local street closures.”

• It’s meant to be easy to use: “If you are comfortable taking photos or sending messages, you can create a Bulletin story!”

• Other social media networks claim to enable anyone to be a journalist, but it’s mostly a myth

  • social media posts can go viral, but that’s usually when they have national or global appeal of some sort.

• An app screenshot on the Google Bulletin site shows a post with the headline, “Winter storm floods river, wipes out Nelson Road.”

• the company will work with local news organizations to help them find and potentially publish some of those stories, giving credit to their authors.

• The author controls the content and can take it down anytime they want.

• The app is in a “limited pilot” in just two cities: Nashville and Oakland.

  • Both have burgeoning tech industries and are Google Fiber cities.

  • But they also have high poverty rates and lie beyond the focus of the big media hubs.

 

MSI will not update on Z97 and older chipset for Spectre flaw

Source 1: posted by dragoon20005 https://linustechtips.com/main/topic/888249-public-service-announcement-msi-will-not-update-on-z97-and-older-chipset-for-spectre-flaw/

Source 2: email thread

Source 3: http://www.tomshardware.com/news/motherboard-vendors-release-bios-updates-spectre,36316.html

 

• There are 3 separate variants that together make up what’s being called “spectre”:

  • Bounds Check Bypass

  • Branch target injection

  • Rogue data cache load

• The only required BIOS updates are to address Branch Target Injection for Intel CPUs.

  • If your Intel machine is from a system OEM, look for the updates to come from that manufacturer

  • DIY builders are left waiting for motherboard OEMs to release updates

 

Next Windows 10 Build shows Telemetry Details

Source 1: posted by hey_yo_ https://linustechtips.com/main/topic/889573-next-windows-10-build-will-show-what-is-being-sent-as-telemetry-data/

Source 2: https://blogs.windows.com/windowsexperience/2018/01/24/microsoft-introduces-new-privacy-tools-ahead-of-data-privacy-day/#Q7XoedGCGtBY2crh.97

 

• Windows has announced their upcoming Windows Diagnostic Data Viewer, a Microsoft Store app that allows you to see, search, and filter all Windows diagnostic data in the cloud related to your specific device.

• The diagnostic data presented in the menu includes;

  • Common Data,

    • the Operating System’s name, the Version, Device ID, Device Class, Diagnostic level selection and so on.

  • Device Connectivity and Configuration

    • device properties and capabilities, preferences and settings, peripherals, and device network information.

  • Product and Service Performance data

    • show device health, performance and reliability data, movie consumption functionality on the device and device file queries.

    • “It’s important to note that this functionality is not intended to capture user viewing or, listening habits.”

  • Product and Service Usage data

    • includes details about the usage of the device, operating system, applications, and services.

  • Software Setup and Inventory

    • installed applications and install history, device update information.

• The Windows Telemetry documentation released last year described all the data collected in the "basic" setting but only gave a broad outline of the kinds of things that the "full" setting collected.

  • The new app will show users precisely what the full setting entails and a comparison with what would be sent with the basic setting.

[Egg-Roll]

Next to the Linus Sex Tips... Tho for Linus's fyi, the receiving end unless you're trying to insert it in places that it don't belong, will adapt to the senders size. Tho it doesn't help my bingo card

 

 

Two things are really bugging me...

One: B.C (Surrey) have no self checkouts?

Two: Does the USA have no self checkouts?

I find it impossible to believe unless you live in a population less than 30,000 with no major city around. Unless the store is a tiny shop (like my closest Walmart) or has low volume of people at least one major store should have self checkouts...

[cTurtle98]

bulletin seams like a competitor to nextdoor

[bomerr]

@LinusTech You are completely wrong about blaming customers for not purchasing "expensive enough" PC components.

Quote

BTW really ironic how you say it's not the consumers fault @45:20 then less then a minute later at @46:10 start blaming the consumer. Ok, lol. 

The motherboard manufactures can't provide top-tier support because they are at the end of the value chain so they capture very little of the margin in the computer industry. 

 

Net Income 2016 ($USD)

TSMC $10.2 Billion 

Intel $10.3 Billion 

Nvidia $1.67 Billion 

Asus $660 Million 

 

The Value Chain

Foundries -> Chip Designers -> Board Partners -> Consumer/End-User

 

The numbers are clear. The foundries and CPU designers make 15x the profit of the board partners while Nvidia makes 3X the profit. No matter how much revenue the board partners generate, they will be squeezed out of profit by the chip designers, who themselves will be squeezed by the foundries.  This is not an issue of not enough profit in the industry but of Intel outsourcing their retail operations to 3rd parties because the margins are poor. 

 

The solution in this industry would be for Intel to infuse board partners with cash so they can provide the software patches or do the software patches themselves. It was Intel's fault for the security issue. It doesn't make sense to put the burden of fixing that issue on the board partners, especially since Intel has siphoned the profits in the industry so the board partners aren't able to provide that level of support. 

 

[unclegill]

As of Jan 28, 2018 this is Asus's response, two patched X99 motherboards:

 

https://www.asus.com/News/V5urzYAT6myCC1o2

 

Whereas MSI has provided patches for 22 X99 motherboards:

 

https://www.msi.com/news/detail/7yJ7XCklfBXt8mFhG8nkfSurJUz3q1A6IXPT4QtmCFh1LubZaZoplvysc-5THpt0K3BM1MTYlMvOQ97-Snztbw~~

 

[Ringthane]

9 hours ago, bomerr said:

@LinusTech You are completely wrong about blaming customers for not purchasing "expensive enough" PC components.

Well, when you get new equipment handed to you for free (or in exchange for yet another video sponsored by the company), you forget that not everybody has $5000 lying around to spend on computers or computer parts.  I upgraded my computer two years ago, and the only reason I did so was so that someone else could use my old parts.  What I had wasn't anywhere near the most expensive parts out there, and what I replaced it with wasn't either, but both systems will do anything I ask them to.  And I don't have a single PCIe SSD, or an Intel blah-blah-90-blah-X, or anything like that.  

[Lem0nz]

At 3:04 Luke said "you'll only get half of that" when it comes to twitch subs money, weren't twitch partners not supposed to "share the rates"???

[bomerr]

9 hours ago, Ringthane said:

Well, when you get new equipment handed to you for free (or in exchange for yet another video sponsored by the company), you forget that not everybody has $5000 lying around to spend on computers or computer parts.  I upgraded my computer two years ago, and the only reason I did so was so that someone else could use my old parts.  What I had wasn't anywhere near the most expensive parts out there, and what I replaced it with wasn't either, but both systems will do anything I ask them to.  And I don't have a single PCIe SSD, or an Intel blah-blah-90-blah-X, or anything like that.  

Linus' thought process was

Start
-> Users don't buy high margin products from board partners -->
-> Board partners starved for cash -->
-> Board partners cannot provide adequate support -->
End

It's a valid thought process. But this is not the case. The reality is the business model in the PC industry siphons most profits from board partners and retails to chip designers and foundries. Even if everyone purchased $5k PCs, the same situation would exist today. Because the problem has nothing to do with not enough money flowing into the rather but rather the distribution of profits. 

[DoctorWho1975]

So crApple goes through the process of quoting and taking the computer but won't actually fix it? Jesus.. thats absurd.

[aselwyn1]

where is the link for the Warranty story?