Major security flaw found in Intel processors

Developers scramble to fix bug within Intel chips made in the last decade that will affect millions of computers running Windows, mac OS and Linux

A security flaw has been found in virtually all Intel processors that will require fixes within Windows, macOS and Linux, according to reports.

Developers are currently scrambling behind the scenes to fix the significant security hole within the Intel chips, with patches already available within some versions of Linux and some testing versions of Windows, although the fixes are expected to significantly slow down computers.

The specific details of the flaw, which appears to affect virtually all Intel processors made in the last decade and therefore millions of computers running virtually any operating system, have not been made public.

Q&A

What can I do about the Meltdown and Spectre flaws?

Show Hide

Users can do little to avoid the security flaws apart from update their computers with the latest security fixes as soon as possible. Fixes for Linux and Windows are already available. Chromebooks updated to Chrome OS 63, which started rolling out in mid-December, are already protected.

Android devices running the latest security update, including Googles Nexus and Pixel smartphones, are already protected. Updates are expected to be delivered soon. Users of other devices will have to wait for the updates to be pushed out by third-party manufacturers, including Samsung, Huawei and OnePlus.

An update from Apple on what is needed for its Mac computers and iOS devices is expected.

Thank you for your feedback.

But details of the fixes being developed point to issues involving the accessing of secure parts of a computers memory by regular programs. It is feared that the security flaw within the Intel processors could be used to access passwords, login details and other protected information on the computer.

Modern operating systems rely upon Intels chips to provide some essential security services but if a flaw has been found then the operating systems themselves will need to be updated to do the job that they believed Intels chips were doing properly, said independent security expert Graham Cluley.

The fixes involve moving the memory used by the core of the computers operating system, known as the kernel, away from that used by normal programs. In that way, normal programs, including anything from javascript from a website to computer games, cannot be manipulated to exploit the hole and gain access to the protected kernel memory.

But implementing the fix is expected to significantly affect the performance of the computer, making some actions up to around 30% slower.

The UKs National Cyber Security Centre (NCSC) said it was aware of the issue and that patches were being produced.

While normal computer users could see performance problems, the security flaw also affects cloud servers, with Amazon, Microsoft and Google all expected to have to fix the bug with similar performance-reducing patches.

The exact severity of the flaw has not yet been publicly disclosed, but the lengths being taken by the various operating system developers to fix something indicates that they view it as a serious problem that apparently cannot be patched with a small update.

The good news is that it sounds as if this flaw has been known about (but kept quiet) for a couple of months. The bad news is that users will once again have to install a security update, and businesses are likely to have to restart thousands of computers to apply the fixes, said Cluley.

More details are expected to be divulged as soon as the end of this week, along with fixes for operating systems.

Intel did not respond to request for comment.

Need something explained?

Pick a question: Well answer the one that generates the most interest shortly

Do the security flaws only affect Intel processors? Ask What should I do about it? Ask Will any fix permanently affect the speed of my computer? Ask

Thank you for participating

Well answer the one that generates the most interest shortly. How would you like to get notified when its ready?

Thank you for your interest

Were actively developing these notification features but they are not yet built. Were using your feedback to understand how you would like to be notified of the answers. Thanks again.

Read more: https://www.theguardian.com/technology/2018/jan/03/major-security-flaw-found-intel-processors-computers-windows-mac-os-linux

Advertisements

Logan Paul has behaved despicably. But hes part of a wider trend | Emily Reynolds

The YouTube star claimed he was trying to raise awareness of mental health issues by filming a dead body. Its time to stop using this meaningless phrase, says Emily Reynolds, who writes regularly about mental health

The words outcry as YouTube star posts video of dead body in Japan are so ludicrous, almost nonsensical, that they may as well have come from a random 2017 headline generator. Unfortunately, they dont.

Logan Paul, a 22-year-old vlogger, has been castigated across the internet for publishing a video showing the body of a suicide victim in Aokigahara, a forest near Mount Fuji notorious as a site for multiple suicides every year. Breaking Bad star Aaron Paul (no relation) told Paul he should rot in hell; even Piers Morgan described him as a sick, twisted, heartless little prick.

Pauls YouTube channel has over 15 million subscribers, so its no surprise that a number of fans are already attempting to explain away his behaviour, many with the hashtag #Logan_you_are_forgiven. These fans are in the minority, though, and rightly so. Filming the body of a victim of suicide and posting it online for all to see is unforgivable behaviour refusing to give the victim any dignity in death, completely disregarding the distress it may cause their loved ones, failing to take into consideration the millions of young viewers exposed to the scene, and displaying a very disturbing lack of empathy in the process.

His excuse? He was trying to raise awareness.

Thats obvious nonsense. Media guidelines on reporting suicide are clear: the Samaritans guide on reporting standards plainly state that outlets must exercise caution when referring to the methods and context of a suicide a point that includes not giving too much detail on specific methods. Dignity and decency aside, Pauls video clearly fails to live up to these standards. But there is something in his use of raising awareness that speaks to something beyond this single incident.

Awareness raising came into its own in 2017, with decades worth of campaigns by mental health charities and activists finally gaining mainstream attention. So far, so good: its undeniable that testimonies from those with long-term mental health conditions have started to massively destigmatise elements of mental illness, depression and anxiety, particularly. But, somehow, awareness raising became a behemoth. In recent months Ive had coffee shop windows and soap packaging exhort me to be aware of mental illness, and its even been used in workplaces across the country as a way to improve the efficiency and productivity of workers not quite the stigma-busting change of heart that many of us had in mind when we first started campaigning for awareness.

The primary goal of much visible mental health activism became raising awareness, and it completely dominated the media: articles, books, TV shows all firmly focused on the idea of breaking down stigma. The actual day-to-day realities of people with chronic mental illness were seemingly unimportant it didnt seem to matter what they needed or how they felt, just as long as we knew they were there. The politics of mental health the impact that austerity has on the lives of mentally ill people, as well as poverty, racism, lack of access to services have broadly been ignored in favour of simply encouraging people to talk.

Its now reached the point where awareness raising is used to excuse all sorts of problematic behaviours. Hundreds of articles are published every year making sweeping, unverified statements about mental illness and giving potentially dangerous advice; the NMEs unapproved use of Stormzy as a poster boy for depression was apparently an attempt to raise awareness of an issue that weve been inspired to talk about following your comments; and Theresa May claimed that her government would reduce stigma while simultaneously placing services under obscene pressure via unrelenting cuts to the NHS.

Pauls claim is a similarly transparent attempt to get himself off the hook to excuse his despicable behaviour and, probably most pertinently for him, to prevent the loss of his 15 million YouTube subscribers. But though his excuse is undeniably galling, its also now par for the course. Awareness raising is so ubiquitous a phrase that it has been rendered utterly meaningless.

Genuine awareness raising thoughtful, responsible testimonies from people living with mental illness or disability is invaluable. But when a term can be so easily utilised to justify even the most horrifying behaviour, its probably time we found a new one.

Emily Reynolds is a freelance journalist based in Berlin

  • In the UK, Samaritans can be contacted on 116 123. In the US, the National Suicide Prevention Lifeline is 1-800-273-8255. In Australia, the crisis support service Lifeline is 13 11 14. Other international suicide helplines can be found at http://www.befrienders.org.

Read more: https://www.theguardian.com/commentisfree/2018/jan/03/logan-paul-youtube-suicide-mental-health-raise-awareness

Owning a car will soon be a thing of the past | John Harris

As cities clamp down on vehicle use, technology is putting a utopian vision in reach, writes Guardian columnist John Harris

If ours is an age in which no end of institutions and conventions are being disrupted, it shouldnt come as a surprise that one of the most basic features of everyday life seems under serious threat. If you are fortunate enough to live in a house with a drive, look outside and you will probably see it: that four-wheeled metal box, which may well be equipped with every technological innovation imaginable, but now shows distinct signs of obsolescence.

To put it another way: after a century in which the car has sat at the heart of industrial civilisation, the age of the automobile of mass vehicle ownership, and the idea (in the western world at least) that life is not complete without your own set of wheels looks to be drawing to a close. Top Gear is a dead duck. No one writes pop songs about Ferraris any more. The stereotypical boy racer appears a hopeless throwback. And in our cities, the use of cars is being overtaken by altogether greener, more liberating possibilities.

The sale of diesel and petrol cars is to be outlawed in the UK from 2040. But only 10 days ago Oxford announced that it is set to be the first British city to ban all petrol and diesel cars and vans from a handful of central streets by 2020, extending to the entire urban centre 1o years later. Paris will ban all non-electric cars by 2030, and is now in the habit of announcing car-free days on which drivers have to stay out of its historic heart. In the French city of Lyon, car numbers have fallen by 20% since 2005, and the authorities have their sights set on another drop of the same magnitude. London, meanwhile, has shredded the idea that rising prosperity always triggers rising car use, and seen a 25% fall in the share of journeys made by car since 1990.

Last week, highlighting the increasingly likely arrival of driverless vehicles, General Motors announced that it will soon begin testing autonomous cars in the challenging conditions of New York City, apparently the latest step in the companys rapid and handsomely funded move towards building a new fleet of self-driving taxis. Earlier this year, forecasters at Bank of America tentatively claimed that the US may have reached peak car, acknowledging that transportation is costly and inefficient, making the sector ripe for disruption. Their focus was on ride-sharing services, car-pool apps and the collective use of bikes: what they were predicting had the sense of a reality that is already plain to see.

Sinitta laments having a boyfriend who cares more about his Ferrari, in her 1987 hit GTO

There are caveats to all this, of course. Although cities in the worlds rising economies are just as fond of car-sharing and bike use as anywhere in the west, car ownership in India and China is rising vertiginously. And as one of the 25,000 residents of a West Country town that is expanding fast and now prone to gridlock, I can confirm that in swaths of this country, the idea that we will soon surrender our vehicles can easily look rather far-fetched. The recent farcical launch by Great Western Railway of its new intercity trains (plagued by technical problems, and now taken out of service) highlights how our public transport remains woeful. Even if it brings regular twinges of guilt, there is currently little alternative to owning a car, and using it every day.

But deep social trends do point in another direction. In 1994 48% of 17- to 20-year-olds and 75% of 21- to 29-year-olds had driving licences. According to the National Travel Survey, by 2016 these figures had dropped respectively to 31% and 66%. Some of this, of course, is down to the deep financial insecurities experienced by millennials, and the stupid costs of car insurance. But in the context of technological change, it looks like it might have just as much to do with the likely shape of the future. If you buy most of your stuff online, the need to drive to a supermarket or shopping centre dwindles to nothing; if you are in daily touch with distant friends and family online, might a time-consuming visit to see them feel that bit less urgent? Meanwhile, at the other end of the demographic spectrum, an ageing population will soon have equally profound consequences for levels of car ownership, and the demand for alternatives.

Many huge social changes creep up on us, and the fact that politicians tend to avert their eyes from incipient revolutions often serves to keep them out of public discourse. But this one is surely huge. I am from a generation for whom the promise of your own car represented a kind of personal utopia. Go-faster stripes were signifiers for aspiration; Margaret Thatchers reputed claim that a man who, beyond the age of 26, finds himself on a bus can count himself as a failure chimed with the newly discovered joys of conspicuous consumption. Now, even if some of this lingers on, it does not feel nearly as culturally powerful. The rising global emergency focused on fatal levels of air pollution confirms the motor industrys dire environmental impacts; and concerns about the sub-prime loans that now define a huge swath of the car market suggest that the supposed joys of driving might be unsustainable in plenty of other ways.

Traffic
Traffic in Oxford Street, central London, in 1965. Photograph: Powell/Getty Images

The birth pangs of something better are inevitably messy, as evidenced by the stink currently surrounding Uber an archetypal example of those modern disruptors who point to the future, while obscuring their visions in a great cloud of arrogance. But whatever Ubers failings (and it has to be said: in a city as diverse as London, the idea of traditional black cabs, mostly driven by white British men, representing a comparatively progressive option seems flimsy, to say the least), its innovations are hardly going to be put back in their box. In the US, the average cost per mile of the UberX service is put at around $1.50; In New York City, car ownership works out at around $3 a mile. As and when Uber and Lyft and whatever ride-hailing services either join or displace them go driverless in cities and suburbs across the planet, the financial maths will become unanswerable.

At a time of all-pervading gloom, make no mistake: this is good news. At the heart of it all are amazingly emancipatory prospects: mobility no longer dependent on a huge cash outlay and on the organised extortion of motor insurance; everybody, regardless of age or disability, able to access much the same transport. With the requisite political will, dwindling numbers of cars will bring opportunities to radically redesign urban areas. The environmental benefits will be self-evident. And as cities become more and more car-free, towns will cry out for their own changes. Neglected railway branch lines may well come back to life; the hacking-down of bus services that came with austerity will have to be reversed. With any luck, the mundane term public transport will take on a new vitality.

Is this utopian? No more, surely, than the dreams of the people whose visions of a car outside very house and busy highways eventually came true, with no end of grim consequences. The remains of the old must be decently laid away; the path of the new prepared, said Henry Ford. How ironic that the same wisdom now applies to the four-wheeled dreams he created, and their final journey to the scrapyard.

John Harris is a Guardian columnist

Read more: https://www.theguardian.com/commentisfree/2017/oct/23/owning-car-thing-of-the-past-cities-utopian-vision

Amazon Enlists Bond Market in Its Quest for Grocery Dominance

Jeff Bezos has an army full of bond investors ready to back Amazon.com Inc.’s conquest of the supermarket industry.

The world’s largest online retailer sold $16 billion of unsecured bonds in seven parts to fund its $13.7 billion acquisition of Whole Foods Market Inc. And in a sign of market interest, the longest portion of the offering, a 40-year security, was sold at a yield of 1.45 percentage points above Treasuries, down from initial talk of 1.6 percentage points to 1.65 percentage points, according to a person with knowledge of the matter.

Amazon is expected to reduce prices at the iconic yet struggling high-end supermarket chain, which is trying to lure more low- and middle-income shoppers. The deal, which rattled the grocery world when announced in June, could intensify a price war in an industry beset by razor-thin margins and persistent deflation.

The debt sale marks Amazon’s first bond-market foray since 2014. The company has more than $21 billion stashed away in cash and other short-term investments that could have been deployed as a bigger allocation in the acquisition financing. But Amazon needs to preserve cash, and now is an opportune time for issuers to take advantage of low interest rates, said Bloomberg Intelligence analyst Jitendra Waral.

“This route is cheaper and gives them flexibility,” Waral said. “The expansion plan Amazon has gotten on with buying Whole Foods is just the beginning, not the end.”

The bonds may be attractive to investors who want exposure to Amazon, but are reluctant to buy the stock, which has more than quadrupled in value over the past five years, while the S&P 500 hasn’t even doubled. The share price can be volatile with investors balancing their excitement over Amazon’s sales growth and dominance in e-commerce with the company’s slim profits and Bezos’s big spending ways. Shares have fallen about 7 percent from their July 26 record close.

Mega Deals

The e-commerce giant’s trip to the debt market follows mega bond deals from AT&T Inc. ($22.5 billion) and British American Tobacco Plc ($17.25 billion), and this deal is the year’s fourth biggest following a $17 billion offering from Microsoft Corp. It also comes at a time when tech companies have been active debt issuers, including a debut offering from Tesla Inc. on Aug. 11 as well as Apple Inc., which sold its first Canadian-dollar bond also on Tuesday.

Amazon, whose identity straddles between a tech and retail company, has been the source of the latter’s industry’s problems as consumer preferences have shifted to shopping online instead of in stores. That’s what makes this offering attractive and was expected to be “very well-received,” said Matt Brill, a money manager at Invesco Ltd.

“You don’t want to own retail because of Amazon — this is the the source of everyone’s problems,” said Brill, who planned to participate in the deal. “You get the chance to buy the category killer.”

Buy Recommendation

The bond sale also earned Amazon a higher analyst rating from CreditSights, which now rates the debt as outperform from underperform.

“We are comfortable buying Amazon’s bonds across the entire curve given its strong operating trends and competitive position in both its e-commerce and cloud computing businesses,” analysts led by Jordan Chalfin said in a report.

Bank of America Corp., Goldman Sachs Group Inc. and JPMorgan Chase & Co. managed the bond sale, the person said.

Amazon has been an infrequent issuer in the investment-grade bond market, with only $7.8 billion of debt outstanding as of June 30. It’s rated Baa1 by Moody’s Investors Service and four notches higher by S&P Global Ratings.

“Despite the increase in debt, the Whole Foods acquisition is an immediate credit positive for the company on a variety of fronts,” Moody’s analyst Charlie O’Shea said in a report Monday, revising Amazon’s outlook to positive from stable. “Whole Foods provides Amazon with greater scale and a crucial brick-and-mortar presence in a segment where it has been trying to grow.”

Read more: http://www.bloomberg.com/news/articles/2017-08-15/amazon-is-said-to-sell-bonds-to-finance-whole-foods-acquisition

Uber’s Former Self-Driving Chief Urged Calling Out Musk

The former engineer at the center of Uber’s self-driving car legal troubles urged ex-Chief Executive Officer Travis Kalanick to criticize Tesla Inc.’s Elon Musk and several of his claims about autonomous vehicles.

Anthony Levandowski, whom Uber fired in May, sent a text to Kalanick in September that criticized Musk for saying Tesla was unlikely to use lidar sensors for its cars. The message was among those released as part of the ongoing lawsuit against Uber Technologies Inc. by Alphabet Inc.’s Waymo, which has accused Levandowski of stealing trade secrets.

“We’ve got to start calling Elon on his sh-t,” Levandowski wrote in the texts, which were turned over by lawyers for Kalanick. “I’m not on social media but let’s start ‘faketesla’ and start give physics lessons about stupid sh-t Elon says like this.”

Weeks before the text messages, Tesla unveiled an update to its Autopilot driver-assistance system that uses radar and a GPS database to guide its vehicles. Waymo and automakers including Ford Motor Co. have embraced lidar and argue the technology is crucial to safely deploying self-driving autos. Lidar uses lasers rather than radio waves to more precisely generate three-dimensional images of an environment.

In another text sent days earlier, Levandowski sent Kalanick a link to a video on Sina.com showing a fatal accident that the Chinese news outlet said involved Autopilot. Levandowski wrote that Musk had been lying about Tesla’s safety record and said he received the link from Ford.

Tesla and Ford declined to comment on the text messages. Levandowski’s lawyer didn’t immediately respond to a voice and email messages.

Autonomous Race

Waymo is citing Levandowski’s frequent contact with Kalanick — starting before the engineer left his job at the Alphabet unit — as proof that Uber colluded with him to steal prized technology in the heated race to commercialize autonomous vehicles. Uber has denied Waymo’s allegations. Levandowski, who wasn’t named as a defendant, has asserted his constitutional right to protect himself from self-incrimination.

Tesla has installed Autopilot hardware on every electric car coming off its production line since October 2014. The company deployed the software that enables consumers to use the driver-assist features while other companies were limiting testing of similar systems to their own engineers.

Federal regulators probed a separate fatal May 2016 crash involving an Ohio man who was using Autopilot when his Tesla slammed into the side of a tractor trailer in Florida. Neither the driver nor the Autopilot system noticed the white side of the tractor-trailer against a brightly lit sky, so brakes weren’t applied, according to the company.

The National Highway Traffic Safety Administration earlier this year said it didn’t find a defect with Tesla’s technology and wouldn’t issue a recall.

Read more: http://www.bloomberg.com/news/articles/2017-08-15/uber-texts-show-former-self-driving-chief-urged-calling-out-musk

Elon Musk: AI vastly more risky than North Korea

Tesla head warns of dangers of AI and pushes for regulation as OpenAI he backed beats best human players in online DotA 2 championship

Elon Musk has warned again about the dangers of artificial intelligence, saying that it poses vastly more risk than the apparent nuclear capabilities of North Korea does.

The Tesla and SpaceX chief executive took to Twitter to once again reiterate the need for concern around the development of AI, following the victory of Musk-led AI development over professional players of the Dota 2 online multiplayer battle game.

Elon Musk (@elonmusk)

If you’re not concerned about AI safety, you should be. Vastly more risk than North Korea. pic.twitter.com/2z0tiid0lc

August 12, 2017

This is not the first time Musk has stated that AI could potentially be one of the most dangerous international developments. He said in October 2014 that he considered it humanitys biggest existential threat, a view he has repeated several times while making investments in AI startups and organisations, including OpenAI, to keep an eye on whats going on.

Musk again called for regulation, previously doing so directly to US governors at their annual national meeting in Providence, Rhode Island.

Elon Musk (@elonmusk)

Nobody likes being regulated, but everything (cars, planes, food, drugs, etc) that’s a danger to the public is regulated. AI should be too.

August 12, 2017

Musks tweets coincide with the testing of an AI designed by OpenAI to play the multiplayer online battle arena (Moba) game Dota 2, which successfully managed to win all its 1-v-1 games at the International Dota 2 championships against many of the worlds best players competing for a $24.8m (19m) prize fund.

The AI displayed the ability to predict where human players would deploy forces and improvise on the spot, in a game where sheer speed of operation does not correlate with victory, meaning the AI was simply better, not just faster than the best human players.

Musk backed the non-profit AI research company OpenAI in December 2015, taking up a co-chair position. OpenAIs goal is to develop AI in the way that is most likely to benefit humanity as a whole, unconstrained by a need to generate financial return. But it is not the first group to take on human players in a gaming scenario. Googles Deepmind AI outfit, in which Musk was an early investor, beat the worlds best players in the board game Go and has its sights set on conquering the real-time strategy game StarCraft II.

Musks latest comments come after a public spat with Facebook chief executive Mark Zuckerberg over the dangers of AI, with Musk dismissing Zuckerberg as having limited understanding of the subject after the social networks head called out Musk for scaremongering over AI.

Read more: https://www.theguardian.com/technology/2017/aug/14/elon-musk-ai-vastly-more-risky-north-korea

Goldman Tops Banks Betting on a New Type of Hedging

A new type of hedging is sweeping Wall Street this year.

Goldman Sachs Group Inc. and JPMorgan Chase & Co. are leading big banks in plowing record funds into outside ventures trying to disrupt their industry, a role typically dominated by venture capital firms, according to a report from Opimas, a management consultancy.

Goldman Sachs has invested in about 15 so-called fintech firms focusing on capital markets businesses this year, while JPMorgan has bet on nine, the report shows. Altogether, banks and other established companies will probably pump a record $1.7 billion into the sector through 44 deals in 2017, Opimas estimated. That may turn would-be challengers into allies.

Read more: Reinsurers seek growth through fintech investments

VC firms, meantime, are relatively reluctant to target the industry, despite its potential to yield a big payoff. Wall Street ventures drew only 2.6 percent of their funding last year.

“Capital markets fintech should attract more than its fair share of venture capital and private equity investment. Instead, we see precisely the opposite,” the authors including Opimas CEO Octavio Marenzi wrote in the report. “Many VCs have shied away from these markets, since they frequently require highly specialized knowledge of markets, their micro-structure, and competitive dynamics.”

While banks have long trumpeted their technological prowess, cheap computing power and fears of losing clients to startups are ushering in a new era of automation and other tech-driven platforms. Almost 50 percent of financial services firms around the world plan to acquire fintech startups in the next three to five years, PricewaterhouseCoopers LLP said in an April report.

A QuickTake explainer on Fintech

Still, for banks, the money they entrust to fintech ventures is a tiny slice of what they spend on tech — most of which they keep in-house. Financial institutions are on track to dedicate more than $127 billion to technology this year, focusing on areas such as execution management, post-trade transaction processing and analytics.

Read more: http://www.bloomberg.com/news/articles/2017-08-14/goldman-tops-banks-betting-hardest-on-capital-markets-disruptors