Open Source

Linux 6.0 Arrives With Support For Newer Chips, Core Fixes, and Oddities (arstechnica.com) 26

An anonymous reader quotes a report from Ars Technica: A stable version of Linux 6.0 is out, with 15,000 non-merge commits and a notable version number for the kernel. And while major Linux releases only happen when the prior number's dot numbers start looking too big -- "there is literally no other reason" -- there are a lot of notable things rolled into this release besides a marking in time. Most notable among them could be a patch that prevents a nearly two-decade slowdown for AMD chips, based on workaround code for power management in the early 2000s that hung around for far too long. [...]

Intel's new Arc GPUs are supported in their discrete laptop form in 6.0 (though still experimental). Linux blog Phoronix notes that Intel's Arc GPUs all seem to run on open source upstream drivers, so support should show up for future Intel cards and chipsets as they arrive on the market. Linux 6.0 includes several hardware drivers of note: fourth-generation Intel Xeon server chips, the not-quite-out 13th-generation Raptor Lake and Meteor Lake chips, AMD's RDNA 3 GPUs, Threadripper CPUs, EPYC systems, and audio drivers for a number of newer AMD systems. One small, quirky addition points to larger things happening inside Linux. Lenovo's ThinkPad X13s, based on an ARM-powered Qualcomm Snapdragon chip, gets some early support in 6.0. ARM support is something Linux founder Linus Torvalds is eager to see [...].

Among other changes you can find in Linux 6.0, as compiled by LWN.net (in part one and part two):
- ACPI and power management improvements for Sapphire Rapids CPUs
- Support for SMB3 file transfer inside Samba, while SMB1 is further deprecated
- More work on RISC-V, OpenRISC, and LoongArch technologies
- Intel Habana Labs Gaudi2 support, allowing hardware acceleration for machine-learning libraries
- A "guest vCPU stall detector" that can tell a host when a virtual client is frozen

Ars' Kevin Purdy notes that in 2022, "there are patches in Linux 6.0 to help Atari's Falcon computers from the early 1990s (or their emulated descendants) better handle VGA modes, color, and other issues."

Not included in this release are Rust improvements, but they "are likely coming in the next point release, 6.1," writes Purdy.

Technology

Magic Leap's Smaller, Lighter Second-Gen AR Glasses Are Now Available (engadget.com) 14

Magic Leap's second take on augmented reality eyewear is available. "The glasses are still aimed at developers and pros, but they include a number of design upgrades that make them considerably more practical -- and point to where AR might be headed," reports Engadget. From the report: The design is 50 percent smaller and 20 percent lighter than the original. It should be more comfortable to wear over long periods, then. Magic Leap also promises better visibility for AR in bright light (think a well-lit office) thanks to "dynamic dimming" that makes virtual content appear more solid. Lens optics supposedly deliver higher quality imagery with easier-to-read text, and the company touts a wider field of view (70 degrees diagonal) than comparable wearables.

You can expect decent power that includes a quad-core AMD Zen 2-based processor in the "compute pack," a 12.6MP camera (plus a host of cameras for depth, eye tracking and field-of-view) and 60FPS hand tracking for gestures. You'll only get 3.5 hours of non-stop use, but the 256GB of storage (the most in any dedicated AR device, Magic Leap claims) provides room for more sophisticated apps.

The base model of the glasses costs $3,299, with the Enterprise model amounting to about $5,000.

AMD

Rewritten OpenGL Drivers Make AMD's GPUs 'Up To 72%' Faster in Some Pro Apps (arstechnica.com) 23

Most development effort in graphics drivers these days, whether you're talking about Nvidia, Intel, or AMD, is focused on new APIs like DirectX 12 or Vulkan, increasingly advanced upscaling technologies, and specific improvements for new game releases. But this year, AMD has also been focusing on an old problem area for its graphics drivers: OpenGL performance. From a report: Over the summer, AMD released a rewritten OpenGL driver that it said would boost the performance of Minecraft by up to 79 percent (independent testing also found gains in other OpenGL games and benchmarks, though not always to the same degree). Now those same optimizations are coming to AMD's officially validated GPU drivers for its Radeon Pro-series workstation cards, providing big boosts to professional apps like Solidworks and Autodesk Maya. "The AMD Software: PRO Edition 22.Q3 driver has been tested and approved by Dell, HP, and Lenovo for stability and is available through their driver downloads," the company wrote in its blog post. "AMD continues to work with software developers to certify the latest drivers." Using a Radeon Pro W6800 workstation GPU, AMD says that its new drivers can improve Solidworks rendering speeds by up to 52 or 28 percent at 4K and 1080p resolutions, respectively. Autodesk Maya performance goes up by 34 percent at 4K or 72 percent at the default resolution. The size of the improvements varies based on the app and the GPU, but AMD's testing shows significant, consistent improvements across the board on the Radeon Pro W6800, W6600, and W6400 GPUs, improvements that AMD says will help those GPUs outpace analogous Nvidia workstation GPUs like the RTX A5000 and A2000 and the Nvidia T600.

AMD

A 20 Year Old Chipset Workaround Has Been Hurting Modern AMD Linux Systems (phoronix.com) 53

AMD engineer K Prateek Nayak recently uncovered that a 20-year-old chipset workaround in the Linux kernel still being applied to modern AMD systems is responsible in some cases for hurting performance on modern Zen hardware. Fortunately, a fix is on the way for limiting that workaround to old systems and in turn helping with performance for modern systems. Phoronix reports: Last week a patch was posted for the ACPI processor idle code to avoid an old chipset workaround on modern AMD Zen systems. Since ACPI support was added to the Linux kernel in 2002, there has been a "dummy wait op" to deal with some chipsets where STPCLK# doesn't get asserted in time. The dummy I/O read delays further instruction processing until the CPU is fully stopped. This was a problem with at least some AMD Athlon era systems with a VIA chipset... But not a problem with newer chipsets of roughly the past two decades.

With this workaround still being applied to even modern AMD systems, K Prateek Nayak discovered: "Sampling certain workloads with IBS on AMD Zen3 system shows that a significant amount of time is spent in the dummy op, which incorrectly gets accounted as C-State residency. A large C-State residency value can prime the cpuidle governor to recommend a deeper C-State during the subsequent idle instances, starting a vicious cycle, leading to performance degradation on workloads that rapidly switch between busy and idle phases. One such workload is tbench where a massive performance degradation can be observed during certain runs."

At least for Tbench, this long-time, unconditional workaround in the Linux kernel has been hurting AMD Ryzen / Threadripper / EPYC performance in select workloads. This workaround hasn't affected modern Intel systems since those newer Intel platforms use the alternative MWAIT-based intel_idle driver code path instead. The AMD patch evolved into this patch by Intel Linux engineer Dave Hansen. That patch to limit the "dummy wait" workaround to old systems is already queued into TIP's x86/urgent branch. With it going the route of "x86/urgent" and for fixing an overzealous workaround that isn't needed on modern hardware, it's likely this patch will be submitted this week still for the Linux 6.0 kernel rather than needing to wait until the next (v6.1) merge window.

Bitcoin

GPU Mining No Longer Profitable After Ethereum Merge (tomshardware.com) 163

Just one day after the Ethereum Merge, where the cryptocoin successfully switched from Proof of Work (PoW) to Proof of Stake (PoS), profitability of GPU mining has completely collapsed. Tom's Hardware reports: That means the best graphics cards should finally be back where they belonged, in your gaming PC, just as god intended. That's a quick drop, considering yesterday there were still a few cryptocurrencies that were technically profitable. Looking at WhatToMine, and using the standard $0.10 per kWh, the best-case results are with the GeForce RTX 3090 and Radeon RX 6800 and 6800 XT. Those are technically showing slightly positive results, to the tune of around $0.06 per day after power costs. However, that doesn't factor in the cost of the PC power, or the wear and tear on your graphics card.

Even at a slightly positive net result, it would still take over 20 years to break even on the cost of an RX 6800. We say that tongue-in-cheek, because if there's one thing we know for certain, it's that no one can predict what the cryptocurrency market will look like even one year out, never mind 20 years in the future. It's a volatile market, and there are definitely lots of groups and individuals hoping to figure out a way to Make GPU Mining Profitable Again (MGMPA hats inbound...)

Of the 21 current generation graphics cards from the AMD RX 6000-series and the Nvidia RTX 30-series, only five are theoretically profitable right now, and those are all just barely in the black. This is using data from NiceHash and WhatToMine, so perhaps there are ways to tune other GPUs to get into the net positive, but the bottom line is that no one should be using GPUs for mining right now, and certainly not buying more GPUs for mining purposes. [You can see a full list of the current profitability of the current generation graphics cards here.]

Graphics

EVGA Abandons the GPU Market, Reportedly Citing Conflicts With Nvidia (tomshardware.com) 72

UnknowingFool writes: After a decades-long partnership with Nvidia, EVGA has announced they are ending their relationship. Citing conflicts with Nvidia, EVGA CEO Andrew Han said the company will not partner with Intel nor AMD, and will be exiting the GPU market completely. The company will continue to make existing RTX 30-series cards until their stock runs out but will not release a 4000 series card. YouTube channels JayZTwoCents and GamersNexus broke the news after sitting down with EVGA CEO Andrew Han to discuss his frustrations with Nvidia as a partner. Jon Peddie Research also published a brief article on the matter.

Intel

Intel Teases 6 GHz Raptor Lake at Stock, 8 GHz Overclocking World Record (tomshardware.com) 55

Tom's Hardware reports: We're here in Israel for Intel's Technology Tour 2022, where the company is sharing new information about its latest products, much of it under embargo until a later date. However, the company did share a slide touting that Raptor Lake is capable of operating at 6GHz at stock settings and that it has set a world overclocking record at 8GHz - obviously with liquid nitrogen (here's our deep dive on the 13th-Gen Intel processors). Intel also shared impressive performance projections for single- and multi-thread performance.

Notably, the peak of 6 GHz is 300 MHz faster than the 5.7 GHz for AMD's Ryzen 7000 processors, but Intel hasn't announced which product will hit that peak speed. We also aren't sure if a 6GHz chip will arrive with the first wave of chips or be a special edition 'KS' model. Intel also claimed that Raptor Lake will have a 15% gain in single-threaded performance and a 41% gain in multi-threaded, as measured by SPECintrate_2017 and compared to Alder Lake, and an overall '40% performance scaling.'

AI

China Woos US Tech Giants Apple, Qualcomm, Meta at Shanghai AI Expo (nikkei.com) 20

Big U.S. tech companies have flocked to the World Artificial Intelligence Conference that opened Thursday in Shanghai, drawing a stark contrast with Washington's ongoing efforts to distance itself economically from China. From a report: The opening ceremony included a virtual address by Qualcomm CEO Cristiano Amon, who said the company will supply the most complete and comprehensive technology and solutions in China and the world. Apple, Advanced Micro Devices, Facebook parent Meta and GE HealthCare also have executives or booths at the event, according to Chinese media. Europe's semiconductor industry is represented as well, with executives from Netherlands-based NXP Semiconductors, a major supplier of automotive chips, and Germany's Infineon Technologies discussing development plans.

The strong American showing is good news for China, which needs advanced chip technology to power its AI development and is keen to win over companies that can provide it. The business opportunities afforded by the massive Chinese market remain essential to many American companies. China is a leading information technology production hub, as well as the world's top auto production center -- an increasingly important field for chipmakers as the number of semiconductors used in vehicles continues to rise. Qualcomm generated roughly two-thirds of its sales last year in China, a major production base for many of the smartphone manufacturers that are among its main customers. The country accounts for just under 30% of sales at AMD and Intel, 20% at Micron Technology and over 30% at NXP.

AMD

AMD Launches Zen 4 Ryzen 7000 CPUs (tomshardware.com) 156

AMD unveiled its 5nm Ryzen 7000 lineup today, outlining the details of four new models that span from the 16-core $699 Ryzen 9 7950X flagship, which AMD claims is the fastest CPU in the world, to the six-core $299 Ryzen 5 7600X, the lowest bar of entry to the first family of Zen 4 processors. Tom's Hardware reports: Ryzen 7000 marks the first 5nm x86 chips for desktop PCs, but AMD's newest chips don't come with higher core counts than the previous-gen models. However, frequencies stretch up to 5.7 GHz - an impressive 800 MHz improvement over the prior generation -- paired with an up to 13% improvement in IPC from the new Zen 4 microarchitecture. That results in a 29% improvement in single-threaded performance over the prior-gen chips. That higher performance also extends out to threaded workloads, with AMD claiming up to 45% more performance in some threaded workloads. AMD says these new chips power huge generational gains over the prior-gen Ryzen 5000 models, with 29% faster gaming and 44% more performance in productivity apps. Going head-to-head with Intel's chips, AMD claims the high-end 7950X is 11% faster overall in gaming than Intel's fastest chip, the 12900K, and that even the low-end Ryzen 5 7600X beats the 12900K by 5% in gaming. It's noteworthy that those claims come with a few caveats [...].

The Ryzen 7000 processors come to market on September 27, and they'll be joined by new DDR5 memory products that support new EXPO overclocking profiles. AMD's partners will also offer a robust lineup of motherboards - the chips will snap into new Socket AM5 motherboards that AMD says it will support until 2025+. These motherboards support DDR5 memory and the PCIe 5.0 interface, bringing the Ryzen family up to the latest connectivity standards. The X670 Extreme and standard X670 chipsets arrive first in September, while the more value-oriented B650 options will come to market in October. That includes the newly announced B650E chipset that brings full PCIe 5.0 connectivity to budget motherboards, while the B650 chipset slots in as a lower-tier option. The Ryzen 7000 lineup also brings integrated RDNA 2 graphics to all of the processors in the stack, a first for the Ryzen family.

Operating Systems

Linux 6.0 Arrives With Performance Improvements and More Rust Coming (zdnet.com) 24

Linux creator Linus Torvalds has announced the first release candidate for the Linux kernel version 6.0, but he says the major number change doesn't signify anything especially different about this release. ZDNet: While there is nothing fundamentally different about this release compared with 5.19, Torvalds noted that there were over 13,500 non-merge commits and over 800 merged commits, meaning "6.0 looks to be another fairly sizable release." According to Torvalds, most of the updates are improvements to the GPU, networking and sound. Torvalds stuck to his word after releasing Linux kernel 5.19 last month, when he flagged he would likely call the next release 6.0 because he's "starting to worry about getting confused by big numbers again."

On Sunday's release of Linux 6.0 release candidate version 1 (rc-1), he explained his reasoning behind choosing a new major version number and its purpose for developers. Again, it's about avoiding confusion rather than signaling that the release has major new features. His threshold for changing the lead version number was .20 because it is difficult to remember incremental version numbers beyond that. "Despite the major number change, there's nothing fundamentally different about this release - I've long eschewed the notion that major numbers are meaningful, and the only reason for a 'hierarchical' numbering system is to make the numbers easier to remember and distinguish," said Torvalds.

Torvalds lamented some Rust-enabling code didn't make it into the release. The Register adds: "I actually was hoping that we'd get some of the first rust infrastructure, and the multi-gen LRU VM, but neither of them happened this time around," he mused, before observing "There's always more releases. This is one of those releases where you should not look at the diffstat too closely, because more than half of it is yet another AMD GPU register dump," he added, noting that Intel's Gaudi2 AI processors are also likely to produce plenty of similar kernel additions. "The CPU people also show up in the JSON files that describe the perf events, but they look absolutely tiny compared to the 'asic_reg' auto-generated GPU and AI hardware definitions," he added.

Operating Systems

NetBSD 9.3: A 2022 OS That Can Run On Late-1980s Hardware (theregister.com) 41

Version 9.3 of NetBSD is here, able to run on very low-end systems and with that authentic early-1990s experience. The Register reports: Version 9.3 comes some 15 months after NetBSD 9.2 and boasts new and updated drivers, improved hardware support, including for some recent AMD and Intel processors, and better handling of suspend and resume. The next sentence in the release announcement, though, might give some readers pause: "Support for wsfb-based X11 servers on the Commodore Amiga." This is your clue that we are in a rather different territory from run-of-the-mill PC operating systems here. A notable improvement in NetBSD 9.3 is being able to run a graphical desktop on an Amiga. This is a 2022 operating system that can run on late-1980s hardware, and there are not many of those around.

NetBSD supports eight "tier I" architectures: 32-bit and 64-bit x86 and Arm, plus MIPS, PowerPC, Sun UltraSPARC, and the Xen hypervisor. Alongside those, there are no less than 49 "tier II" supported architectures, which are not as complete and not everything works -- although almost all of them are on version 9.3 except for the version for original Acorn computers with 32-bit Arm CPUs, which is still only on NetBSD 8.1. There's also a "tier III" for ports which are on "life support" so there may be a risk Archimedes support could drop to that. This is an OS that can run on 680x0 hardware, DEC VAX minicomputers and workstations, and Sun 2, 3, and 32-bit SPARC boxes. In other words, it reaches back as far as some 1970s hardware. Let this govern your expectations. For instance, in VirtualBox, if you tell it you want to create a NetBSD guest, it disables SMP support.

AMD

AMD Continues PC and Server Market Share Gains Amid Slumping Demand (tomshardware.com) 34

The preliminary Mercury Research CPU market share results are in for the second quarter of 2022, arriving during what is becoming a more dire situation for the PC market as sales cool after several years of stratospheric growth. From a report: According to the recent earnings report from Intel, AMD, and Nvidia, the recovery will be a long one. Still, for now, AMD appears to be weathering the storm better than its opponents as it continued to steal market share from Intel in every segment of the CPU market. The desktop PC market is still on fire, but it isn't a good kind of fire. Intel issued a dire earnings report last week -- the company lost money for the first time in decades, partially driven by PC declines. Intel also announced it was delaying its critical Xeon Sapphire Rapids data center chips and killing off another failing business unit, Optane; the sixth unit retired since new CEO Pat Gelsinger took over.

In contrast, AMD's revenue was up 70% year-over-year as the company continued to improve its already-great profitability. AMD is firing on all cylinders and will launch its Ryzen 7000 CPUs, RDNA 3 GPUs, and EPYC Genoa data center processors on schedule. That consistent execution continues to pay off. AMD continued to take big strides in the mobile/laptop market, setting another record for unit share in that segment with 24.8%. AMD also gained in the server market for the 13th consecutive quarter, reaching 13.9% of the market. Notably, AMD's quarterly gain in servers is the highest we've seen with our historical data, which dates back to 2017.

Bug

Windows 11 Encryption Bug Could Cause Data Loss, Temporary Slowdowns On Newer PCs (arstechnica.com) 28

An anonymous reader quotes a report from Ars Technica: Microsoft has published a knowledge base article acknowledging a problem with encryption acceleration in the newest versions of Windows that could result in data corruption. The company recommends installing the June 2022 security updates for Windows 11 and Windows Server 2022 "to prevent further damage," though there are no suggested solutions for anyone who has already lost data because of the bug.

The problems only affect relatively recent PCs and servers that support Vector Advanced Encryption Standard (VAES) instructions for accelerating cryptographic operations. Microsoft says affected systems use AES-XTS or AES-GCM instructions "on new hardware." Part of the AVX-512 instruction set, VAES instructions are supported by Intel's Ice Lake, Tiger Lake, Rocket Lake, and Alder Lake architectures -- these power some 10th-generation Core CPUs for laptops, as well as all 11th- and 12th-gen Core CPUs. AMD's upcoming Zen 4 architecture also supports VAES, though by the time these chips are released in the fall, the patches will have had plenty of time to proliferate. Microsoft says that the problem was caused when it added "new code paths" to support the updated encryption instructions in SymCrypt, Windows' cryptographic function library. These code paths were added in the initial release of Windows 11 and Windows Server 2022, so the problem shouldn't affect older versions like Windows 10 or Windows Server 2019.

The initial fix for the problem, provided in Windows' June 2022 security update package (Windows 11 build 22000.778), will prevent further damage at the cost of reduced performance, suggesting that the initial fix was to disable encryption acceleration on these processors entirely. Using Bitlocker-encrypted disks or the Transport Layer Security (TLS) protocol or accessing encrypted storage on servers will all be slower with the first patch installed, though installing the July 2022 security updates (Windows 11 build 22000.795) should restore performance to its previous level.

Software

OpenCAPI To Fold Into CXL - CXL Set To Become Dominant CPU Interconnect Standard (anandtech.com) 1

With the 2022 Flash Memory Summit taking place this week, not only is there a slew of solid-state storage announcements in the pipe over the coming days, but the show is also increasingly a popular venue for discussing I/O and interconnect developments as well. Kicking things off on that front, on Monday the OpenCAPI and CXL consortiums issued a joint announcement that the two groups will be joining forces, with the OpenCAPI standard and the consortium's assets being transferred to the CXL consortium. From a report: With this integration, CXL is set to become the dominant CPU-to-device interconnect standard, as virtually all major manufacturers are now backing the standard, and competing standards have bowed out of the race and been absorbed by CXL. Pre-dating CXL by a few years, OpenCAPI was one of the earlier standards for a cache-coherent CPU interconnect. The standard, backed by AMD, Xilinx, and IBM, among others, was an extension of IBM's existing Coherent Accelerator Processor Interface (CAPI) technology, opening it up to the rest of the industry and placing its control under an industry consortium. In the last six years, OpenCAPI has seen a modest amount of use, most notably being implemented in IBM's POWER9 processor family. Like similar CPU-to-device interconnect standards, OpenCAPI was essentially an application extension on top of existing high speed I/O standards, adding things like cache-coherency and faster (lower latency) access modes so that CPUs and accelerators could work together more closely despite their physical disaggregation.

Graphics

As Intel Gets Into Discrete GPUs, It Scales Back Support For Many Integrated GPUs (arstechnica.com) 47

An anonymous reader quotes a report from Ars Technica: Intel is slowly moving into the dedicated graphics market, and its graphics driver releases are looking a lot more like Nvidia's and AMD's than they used to. For its dedicated Arc GPUs and the architecturally similar integrated GPUs that ship with 11th- and 12th-generation Intel CPUs, the company promises monthly driver releases, along with "Day 0" drivers with specific fixes and performance enhancements for just-released games. At the same time, Intel's GPU driver updates are beginning to de-emphasize what used to be the company's bread and butter: low-end integrated GPUs. The company announced yesterday that it would be moving most of its integrated GPUs to a "legacy support model," which will provide quarterly updates to fix security issues and "critical" bugs but won't include the game-specific fixes that newer GPUs are getting.

The change affects a wide swath of GPUs, which are not all ancient history. Among others, the change affects all integrated GPUs in the following processor generations, from low-end unnumbered "HD/UHD graphics" to the faster Intel Iris-branded versions: 6th-generation Core (introduced 2015, codenamed Skylake), 7th-generation Core (introduced 2016, codenamed Kaby Lake), 8th-generation Core (introduced 2017-2018, codenamed Kaby Lake-R, Whiskey Lake, and Coffee Lake), 9th-generation Core (introduced 2018, codenamed Coffee Lake), 10th-generation Core (introduced 2019-2020, codenamed Comet Lake and Ice Lake), and various N4000, N5000, and N6000-series Celeron and Pentium CPUs (introduced 2017-2021, codenamed Gemini Lake, Elkhart Lake, and Jasper Lake).

Intel is still offering a single 1.1GB driver package that supports everything from its newest Iris Xe GPUs to Skylake-era integrated graphics. However, the install package now contains one driver for newer GPUs that are still getting new features and a second driver for older GPUs on the legacy support model. The company uses a similar approach for driver updates for its Wi-Fi adapters, including multiple driver versions in the same download package to support multiple generations of hardware.

"The upshot is that these GPUs' drivers are about as fast and well-optimized as they're going to get, and the hardware isn't powerful enough to play many of the newer games that Intel provides fixes for in new GPU drivers anyway," writes Ars Technica's Andrew Cunningham. "Practically speaking, losing out on a consistent stream of new gaming-centric driver updates is unlikely to impact the users of these GPUs much, especially since Intel will continue to fix problems as they occur."

AMD

AMD Just Leaked Its Nvidia RTX Voice Competitor in a (Now Deleted) Video (theverge.com) 8

AMD looks to be on the cusp of releasing a competitor to RTX Voice, a feature for Nvidia graphics cards that cancels out background noise when you're on a call or otherwise using your mic. From a report: That's according to a trailer that AMD posted to its YouTube channel (apparently in error), Tom's Hardware reports. Thankfully, a copy of the trailer was downloaded before it was deleted by Reddit user u/zenobian and uploaded to the AMD subreddit. The leaked trailer suggests that AMD's Noise Suppression feature will work very similarly to Nvidia's RTX Voice (which has subsequently been rolled into Nvidia's Broadcast app). It uses "a real-time deep learning algorithm" to offer "two-way noise-reduction" that filters background noise out of both outgoing and incoming microphone audio, and is apparently built into AMD's existing Adrenalin software.

GNU is Not Unix

How the FSF Runs Using Nothing But Freedom-Respecting BIOS (fsf.org) 54

A senior systems administrator at the Free Software Foundation points out that they're running free software in two data centers and over a hundred virtual machines — each and every one with "a freedom-respecting BIOS."

But the "how" is surprisingly intricate: [E]arlier this week, we replaced "Columbia", the last of any FSF-run machines running a nonfree BIOS....

At FSF, our current standard is ASUS KGPE-D16 motherboards with AMD 6200 series CPUs released in 2012. For the BIOS, we install Libreboot, the easy-to-install, 100% free software replacement for proprietary BIOS/boot programs, or a version of Coreboot that is carefully built to avoid including any nonfree blobs. They are fast enough for our needs, and we expect this to be the case for many more years to come. They are also very affordable systems. We are also working toward supporting Raptor Computer Systems' newer and more powerful Talos II, as well as Blackbird motherboards that use IBM POWER9 CPUs. The POWER9 CPU architecture is called "PowerPC 64-bit little endian," abbreviated "ppc64el...." The Raptor motherboards come with entirely free firmware — and even have free hardware designs!

However, this type of migration has its challenges. For example, the first thing we needed to address before using these motherboards is that the main operating system we use, Trisquel GNU/Linux, didn't previously run on ppc64el. So, earlier this year, we set up a Raptor POWER9 computer running Debian (without using any nonfree parts of Debian repositories) and loaned it to the maintainers of Trisquel for as long as needed. And now, we are proud to say that the upcoming Trisquel 11 release will support POWER9...!

Before I decommissioned Columbia, I ran a dmidecode, which told me that the BIOS program fit within a single megabyte of space. Often, very simplistic firmware becomes more complicated in later models, and that also usually means it has a growing significance for a user's software freedom. Some newer nonfree BIOSes have grown into operating systems in their own right, sometimes with large programs such as a full Web browser.

There is no fully-free BIOS available for x86 Intel and AMD CPUs released after about 2013. The key blocking factor is that those CPUs require certain firmware in the BIOS, like Intel Management Engine. Those CPUs will also refuse to run firmware that hasn't been cryptographically signed by private keys controlled by AMD and Intel, and AMD and Intel will only sign their own nonfree firmware. At the FSF, we refuse to run that nonfree firmware, and we applaud the many people who also avoid it. For those people who do run those Intel or AMD systems, running Coreboot or Osboot is still a step up the Freedom Ladder for the software freedom of your BIOS.

The road to freedom is a long road. We hope our dedication to achieve milestones like these can inspire the free software movement.

Security

Lenovo Patches UEFI Code Execution Vulnerability Affecting More Than 70 Laptop Models (securityweek.com) 20

Lenovo has released a security advisory to inform customers that more than 70 of its laptops are affected by a UEFI/BIOS vulnerability that can lead to arbitrary code execution. SecurityWeek reports: Researchers at cybersecurity firm ESET discovered a total of three buffer overflow vulnerabilities that can allow an attacker with local privileges to affected Lenovo devices to execute arbitrary code. However, Lenovo says only one of the vulnerabilities (CVE-2022-1892) impacts all devices, while the other two impact only a handful of laptops. "The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features," ESET explained. "These vulnerabilities were caused by insufficient validation of DataSize parameter passed to the UEFI Runtime Services function GetVariable. An attacker could create a specially crafted NVRAM variable, causing buffer overflow of the Data buffer in the second GetVariable call," it added.

Lenovo has also informed customers about Retbleed, a new speculative execution attack impacting devices with Intel and AMD processors. The company has also issued an advisory for a couple of vulnerabilities affecting many products that use the XClarity Controller server management engine. These flaws can allow authenticated users to cause a DoS condition or make unauthorized connections to internal services.
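The DataSize flaw ESET describes in the Lenovo item above can be modelled in a few lines of C. This is an added illustration, not Lenovo's firmware or ESET's code: `mock_get_variable`, the simplified status values, the buffer sizes and the 40-byte variable are constructed assumptions, and the out-of-bounds write lands in a canary region of the same array so it can be counted safely.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EFI_SUCCESS          0
#define EFI_BUFFER_TOO_SMALL 5  /* simplified status values for this model */
#define BUF_LEN   16            /* bytes the caller actually owns */
#define ARENA_LEN 64            /* buffer plus a zeroed canary region */
#define VAR_LEN   40            /* constructed variable, larger than BUF_LEN */

static int last_status;         /* status of the most recent second call */

/* Model of the GetVariable contract: *size is in/out. On a short buffer the
   required size is written back; otherwise the caller's size is trusted. */
static int mock_get_variable(size_t *size, uint8_t *data) {
    if (*size < VAR_LEN) { *size = VAR_LEN; return EFI_BUFFER_TOO_SMALL; }
    memset(data, 0xAA, VAR_LEN);
    *size = VAR_LEN;
    return EFI_SUCCESS;
}

/* Count bytes written beyond the first BUF_LEN bytes of the arena. */
static size_t bytes_past_buffer(const uint8_t *arena) {
    size_t n = 0;
    for (size_t i = BUF_LEN; i < ARENA_LEN; i++) n += (arena[i] != 0);
    return n;
}

/* Flawed: the second call reuses the size the first call wrote back. */
static size_t read_twice_stale_size(void) {
    uint8_t arena[ARENA_LEN] = {0};
    size_t size = BUF_LEN;
    mock_get_variable(&size, arena);               /* fails, size is now 40 */
    last_status = mock_get_variable(&size, arena); /* reports success */
    return bytes_past_buffer(arena);
}

/* Hardened: size is reset to the real capacity before every call, so an
   oversized variable yields an error status instead of a write. */
static size_t read_twice_checked(void) {
    uint8_t arena[ARENA_LEN] = {0};
    size_t size = BUF_LEN;
    last_status = mock_get_variable(&size, arena);
    size = BUF_LEN;
    last_status = mock_get_variable(&size, arena);
    return bytes_past_buffer(arena);
}

int main(void) {
    printf("stale size: %zu bytes past buffer\n", read_twice_stale_size());
    printf("reset size: %zu bytes past buffer\n", read_twice_checked());
    return 0;
}
```

The same review check applies to any in/out length parameter: it must describe the real buffer capacity at every call site, and the returned status must be inspected before the data is used.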

AMD

New Working Speculative Execution Attack Sends Intel and AMD Scrambling (arstechnica.com) 66

Some microprocessors from Intel and AMD are vulnerable to a newly discovered speculative execution attack that can covertly leak password data and other sensitive material, sending both chipmakers scrambling once again to contain what is proving to be a stubbornly persistent vulnerability. Ars Technica reports: Researchers from ETH Zurich have named their attack Retbleed because it exploits a software defense known as retpoline, which was introduced in 2018 to mitigate the harmful effects of speculative execution attacks. Speculative execution attacks, also known as Spectre, exploit the fact that when modern CPUs encounter a direct or indirect instruction branch, they predict the address for the next instruction they're about to receive and automatically execute it before the prediction is confirmed. Spectre works by tricking the CPU into executing an instruction that accesses sensitive data in memory that would normally be off-limits to a low-privileged application. Retbleed then extracts the data after the operation is canceled. [...] The ETH Zurich researchers have conclusively shown that retpoline is insufficient for preventing speculative execution attacks. Their Retbleed proof-of-concept works against Intel CPUs with the Kaby Lake and Coffee Lake microarchitectures and AMD Zen 1, Zen 1+, and Zen 2 microarchitectures.

In response to the research, both Intel and AMD advised customers to adopt new mitigations that the researchers said will add as much as 28 percent more overhead to operations. [...] Both Intel and AMD have responded with advisories. Intel has confirmed that the vulnerability exists on Skylake-generation processors that don't have a protection known as enhanced Indirect Branch Restricted Speculation (eIBRS) in place. "Intel has worked with the Linux community and VMM vendors to provide customers with software mitigation guidance which should be available on or around today's public disclosure date," Intel wrote in a blog post. "Note that Windows systems are not affected given that these systems use Indirect Branch Restricted Speculation (IBRS) by default which is also the mitigation being made available to Linux users. Intel is not aware of this issue being exploited outside of a controlled lab environment." AMD, meanwhile, has also published guidance. "As part of its ongoing work to identify and respond to new potential security vulnerabilities, AMD is recommending software suppliers consider taking additional steps to help guard against Spectre-like attacks," a spokesman wrote in an email. The company has also published a whitepaper.

[Researcher Kaveh Razavi added:] "Retbleed is more than just a retpoline bypass on Intel, specially on AMD machines. AMD is in fact going to release a white paper introducing Branch Type Confusion based on Retbleed. Essentially, Retbleed is making AMD CPUs confuse return instructions with indirect branches. This makes exploitation of returns very trivial on AMD CPUs." The mitigations will come at a cost that the researchers measured to be between 12 percent and 28 percent more computational overhead. Organizations that rely on affected CPUs should carefully read the publications from the researchers, Intel, and AMD and be sure to follow the mitigation guidance.

Technology

Magic Leap 2 AR Headset Arrives Sept 30, Starting at $3,299 (cnet.com) 26

Magic Leap's next AR headset is coming this fall, and it's not cheap. The self-contained Magic Leap 2 glasses, which CNET tried earlier this year, will cost at least $3,299, and be available Sept. 30. From a report: Unlike the first Magic Leap headset, which launched back in 2018 and aspired to be for creative consumers, the Magic Leap 2 is entirely business-focused. The smaller glasses have their own dedicated AMD hip-worn processor puck. They offer a wider field of view than any other AR headset we've tried recently, and a unique feature that dims parts of the real world to make virtual objects seem less ghostly. The headset will come in three variations: the $3,299 Magic Leap 2 Base is the hardware plus a one-year warranty; while the Magic Leap 2 Developer Pro comes with extra developer-focused software and sample projects for $4,099. A Magic Leap 2 Enterprise version, with two-year support for enterprise-ready software, costs $4,999. Magic Leap's website will indicate where headsets will be available to buy: in the US, UK, Germany, France, Spain, Italy and Saudi Arabia on Sept. 30, and Japan and Singapore by the end of the year.
