Google today launched Android Studio 3.5, the latest version of its integrated development environment (IDE), with a specific focus on "product quality." From a report: This release is the last one under Project Marble, a fancy name for an initiative Google announced late last year to improve Android Studio. For eight months, the team focused "on making the fundamental features and flows of Android Studio & Emulator rock-solid." All the improvements were either to system health, feature polish, or bug fixes. To improve system health, Google created a new set of infrastructure and internal dashboards to better detect performance problems. The team ultimately fixed over 600 bugs, 50 memory leaks, and 20 IDE hangs, and improved XML & Kotlin typing latency. For the Android Emulator, the team decreased the CPU and memory impact. The team also took a look at app deployment flow to a device, replacing Instant Run with Apply Changes. The new system no longer modifies an APK during your build. Instead, it uses runtime instrumentation to redefine classes on the fly.

Intel's latest patches "stomped out three high-severity vulnerabilities and five medium-severity flaws," reports Threatpost: One of the more serious vulnerabilities exist in the Intel Processor Identification Utility for Windows, free software that users can install on their Windows machines to identify the actual specification of their processors. The flaw (CVE-2019-11163) has a score of 8.2 out of 10 on the CVSS scale, making it high severity. It stems from insufficient access control in a hardware abstraction driver for the software, versions earlier than 6.1.0731. This glitch "may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access" according to Intel. Users are urged to update to version 6.1.0731.

Intel stomped out another high-severity vulnerability in its Computing Improvement Program, which is program that Intel users can opt into that uses information about participants' computer performance to make product improvement and detect issues. However, the program contains a flaw (CVE-2019-11162) in the hardware abstraction of the SEMA driver that could allow escalation of privilege, denial of service or information disclosure...

A final high-severity flaw was discovered in the system firmware of the Intel NUC (short for Next Unit of Computing), a mini-PC kit used for gaming, digital signage and more. The flaw (CVE-2019-11140) with a CVSS score of 7.5 out of 10, stems from insufficient session validation in system firmware of the NUC. This could enable a user to potentially enable escalation of privilege, denial of service and information disclosure. An exploit of the flaw would come with drawbacks -- a bad actor would need existing privileges and local access to the victim system.
The article notes that the patches "come on the heels of a new type of side-channel attack revealed last week impacting millions of newer Intel microprocessors manufactured after 2012."

intensivevocoder writes: Owners of Microsoft's Surface Pro 6 and Surface Book 2 systems are finding themselves stuck at Pentium 2 speeds, as numerous user complaints indicate that the ultra-portables are throttling the processor down to 400 MHz, a state that -- in some instances -- persists across reboots. While similar issues with Surface devices have occurred in the past, reports of issues have increased in frequency following a firmware update for the Surface Pro 6.

The throttle-lock appears to be caused by an Intel CPU flag called BD PROCHOT (bi-directional processor hot), which can be set by any peripheral, telling the processor to throttle down in order to decrease system temperature -- a useful flag in cases where the CPU is operating within thermal limits, but other components tied to the CPU are running too hot, because of the demands placed on other components by processes on the CPU.

InfoWorld's Matt Asay argues we're in (or near) "the golden age of open source." Here and there an open source company might struggle to make a buck, but as a community of communities, open source has never been healthier. There are a few good indicators for this.

The first is that the clouds -- yes, all of them -- are open sourcing essential building blocks that expose their operations. Google rightly gets credit for moving first on this with projects like Kubernetes and TensorFlow, but the others have followed suit. For example, Microsoft Azure released Azure Functions, which "extends the existing Azure application platform with capabilities to implement code triggered by events occurring in virtually any Azure or third-party service as well as on-premises systems...." More recently, AWS released Firecracker, a lightweight, open source virtualization technology for running multi-tenant container workloads that emerged from AWS' serverless products (Lambda and Fargate). In a textbook example of how open source is supposed to work, Firecracker was derived from the Google-spawned crosvm but then spawned its own upgrade in the form of Weave Ignite, which made Firecracker much easier to manage.

These are just a few examples of the interesting open source projects emerging from the public clouds. (Across the ocean, Alibaba has been open sourcing its chip architecture, among other things.) More remains to be done, but these offer hope that the public clouds come not to bury open source, but rather to raise it...

it's not hard to believe that the more companies get serious about becoming software companies, the more they're going to encourage their developers to get involved in the open source communities upon which they depend... [I]t's not just the upstarts. Old-school enterprises like Home Depot host code on GitHub, while financial services companies like Capital One go even further, sponsoring open source events to help foster community around their proliferating projects.... So, again, not everybody is doing it. Not yet. But far more organizations are involved in open source today than were back in 2008... Such involvement is happening both at the elite level (public clouds) and in more mainstream ways, ushering in a golden era of open source.

Long-time Slashdot reader Huxley_Dunsany writes: After much work rebuilding and upgrading it, my Macintosh SE/30 from 1989 is now connected via Ethernet to the Web, and is hosting a simple website and old-style "guestbook." The site has been online for a few days (other than semi-frequent reboots of the system when it gets overloaded with requests), and has served nearly 20,000 visitors. For a machine with a 16MHz CPU and 68 megabytes of ram, it's held up remarkably well!

I'm basically inviting a "Slashdotting" of my old Mac, but I thought this project might bring a few smiles here. Enjoy!
"Awesome," wrote one visitor in the guestbook, adding "You should join a webring!"

itwbennett writes: Researchers from security firm Bitdefender discovered and reported a year ago a new CPU vulnerability that 'abuses a system instruction called SWAPGS and can bypass mitigations put in place for previous speculative execution vulnerabilities like Spectre,' writes Lucian Constantin for CSO.

There are three attack scenarios involving SWAPGS, the most serious of which 'can allow attackers to leak the contents of arbitrary kernel memory addresses. This is similar to the impact of the Spectre vulnerability.' Microsoft released mitigations for the vulnerability in July's Patch Tuesday, although details were withheld until August 6 when Bitdefender released its whitepaper and Microsoft published a security advisory.

An anonymous reader quotes TechRadar: AMD's Ryzen 3000 series processors, spearheaded by the Ryzen 7 3700X, have led what looks like an unprecedented assault on Intel's CPUs, at least going by the figures from one component retailer. The latest stats from German retailer Mindfactory (as highlighted on Reddit) for the month of July show that AMD sold an incredible 79% of all processor units, compared to 21% for Intel.

AMD's top-selling chip was the Ryzen 7 3700X, and get this: sales of that one single processor weren't far off equaling the sales of Intel's entire CPU range (at around the 80% mark of what Intel flogged). In June, AMD's overall market share was 68% at Mindfactory, so the increase to 79% represents a big jump, and the highest proportion of sales achieved by the company this year by a long way.

To put this in a plainer fashion, for every single processor sold by Intel, AMD sold four.

Ryzen 3rd-gen offerings have seemingly sold up a storm in the first couple weeks on shelves, and then slowed down, although that slippage is likely due to stock shortages rather than falling demand (the new flagship Ryzen 9 3900X chip is vanishingly thin on the ground, for example, and is therefore being flogged for extortionate prices on eBay in predictable fashion)... [W]e can throw in as many caveats as we like, but the plain truth (at least from this source) is that AMD's doing better than ever, and grabbing a truly startling proportion of CPU market share -- even with apparent stock issues providing some headwind.

"RISC-V is open source, so it's much more resistant to government bans," reports Tom's Hardware: The Alibaba Group Holding, China's largest e-commerce company, unveiled its first self-designed chip, Xuantie 910, based on the open source RISC-V instruction set architecture. As reported by Nikkei Asian Review, the chip will target edge computing and autonomous driving, while the RISC-V's open source license may help Alibaba side-step the U.S. trade war altogether.

Alibaba doesn't intend to manufacture the chips itself. Instead, it could outsource production to other Chinese semiconductor companies, such as Semiconductor Manufacturing International Corp. According to Nikkei, the Chinese government has been encouraging wealthy Chinese companies from various industries to enter the semiconductor industry in recent years. The government's efforts accelerated when the trade war with the U.S. started last year. It reportedly forced foreign companies to transfer their technology and IP to Chinese companies if they wanted any chance at the local Chinese market.

"Most Chinese companies are still wary about whether Arm's architecture and Intel's architecture and technical support would remain accessible amid tech tension and further geopolitical uncertainties," Sean Yang, an analyst at research company CINNO in Shanghai, said, according to Nikkei. "It would be very helpful for China to increase long-term semiconductor sufficiency if big companies such as Alibaba jump in to build a chip (design) platform which smaller Chinese developers can just use without worrying about being cut off from supplies."
The article also notes that using RISC-V will give Alibaba "the ability to completely customize and extend the ISA of the processors built on top of it without having to get permission from any company first."

MojoKid writes: AMD's new Ryzen 3000 processors can boost as high as 4.6 GHz, a notable bump over previous Ryzen models, but what about AMD's purported Instructions Per Cycle (IPC) gains? Has AMD's Zen 2 architecture finally caught up to Intel's Coffee Lake-based Core series processors in terms of IPC? To prove this out, HotHardware pitted a 12-core Ryzen 9 3900X against Intel's 8-core Core i9-9900K in an array of tests, with both chips locked at 4GHz across all cores and four of the Ryzen CPU cores (or 2 CCXs) disabled (save for a couple of instances to show MT scaling). This allowed AMD's fastest Zen 2-based CPU, with its full 64MB L3 cache complement, to compete against Intel's current fastest desktop chip at identical clock speeds. A series of single-threaded benchmarks were run, in addition to some standard games tests, which are lightly multithreaded. The Intel and AMD multi-core processors essentially traded blows across a number of tests, but Intel won more often than not. The blue team notched IPC wins in SANDRA's Dhrystone integer tests, Geekbench, POV-Ray, LAME MT, and the gaming tests. AMD stole single-threaded victories in SANDRA's Whetstone FPU tests, Cinebench, and Y-Cruncher. While not an outright win for AMD, the company has obviously worked hard to improve 3rd Gen Ryzen IPC throughput, while its multi-core scaling is downright impressive.

Asus has unveiled a spec-heavy gaming phone called the ROG Phone II. When it launches later this year, it'll be one of the only phones to feature Qualcomm's new gaming-focused Snapdragon 855 Plus processor, a 120Hz AMOLED display, and massive 6,000mAh battery. PhoneDog reports: The ROG Phone II features a 6.59-inch 2340x1080 AMOLED display with a 120Hz refresh rate and it's the first phone to include Qualcomm's gaming-focused Snapdragon 855 Plus processor. Both the CPU and GPU in the SD855 Plus are clocked higher than in the standard SD855, helping you get better performance. ASUS has crammed 12GB of RAM inside the ROG Phone II's body, too. Another gaming-centric feature of the ROG Phone II are its AirTrigger buttons. Located on the side of the device, they give you extra buttons for your games and an improved software algorithm over the first ROG Phone that lets you rest your fingers on the AirTriggers, meaning you can react more quickly since you're not having to move your fingers to reach for the buttons.

Other notable features of the ROG Phone II include a 48MP main camera with Sony IMX586 sensor, a 13MP ultra wide rear camera with a 125-degree field of view, and a 24MP front camera. There's up to 512GB of built-in storage available, an in-display fingerprint reader, dual front-facing speakers, and a 3.5mm headphone jack. Powering the whole package is a whopping 6000mAh battery. There are two USB-C ports on the ROG Phone II, with one in a traditional place on the bottom of the device and the other on the side of the phone so that it doesn't get in your way when you're gaming and charging. Both ports support Quick Charge 3.0, but the side port can charge more quickly with QuickCharge 4.0 support. It also includes support for 4K video output using DisplayPort 1.4. We don't have an official price or release date yet, but it's likely to start shipping later this year at around $899, which was the cost of the original ROG Phone.

Author and programmer Jeff Geerling explains in a blog post why the new Raspberry Pi 4 needs a fan. Unlike previous Pis that didn't require a fan or heatsink to avoid CPU throttling, the Pi 4 is a different beast and "pretty much demands a fan," writes Geerling. "Not only does the CPU get appreciably hot even under normal load, there are a number of other parts of the board that heat up to the point they are uncomfortable to touch." After 5 minutes at idle, he recorded the CPU/System-on-a-Chip (SoC) was around 60C, and it climbed to the 60-70C range when using the USB ports.

"[I]magine if you're truly using the Pi 4 as a desktop replacement, with at least one external USB 3.0 hard drive attached, WiFi connected and transferring large amounts of data, a USB keyboard and mouse, a few browser windows open (the average website these days might as well be an AAA video game with how resource-intense it is), a text editor, and a music player," writes Geerling. "This amount of load is enough to cause the CPU to throttle in less than 10 minutes." So, Geerling did what any programmer and DIYer would do and decided to add a fan himself to the official case -- and in addition to the blog post describing the process, he made a 22-minute-long video showing you what he did. From the post: Without any ventilation, it's kind of a little plastic oven inside the Pi 4 case. A heat sink might help in some tiny way, but that heat has nowhere to go! So I decided to follow the lead of Redditor u/CarbyCarberson and put a fan in the top cover. [...] After installing the fan, I booted the Pi and ran "stress --cpu 4" and let it go for an hour. The entire time, the CPU's temperature stayed at or under 60C (140F), a full 20C lower than the throttling point.

There are some other options which may be even easier than modifying the official case, like the Fan Shim from Pimoroni or purchasing a 3rd party case with a fan built in. But this option was easy enough and all I needed to complete the project was a $4 fan and a $7 hole saw drill bit (which I can use for other projects in the future).

Qualcomm has announced a mid-year refresh of its flagship Snapdragon 855 chipset. The new Snapdragon 855 Plus is further optimized for gaming, VR, AI, and 5G connectivity. From a report: It sticks to the same overall design and chip layout as the 855, but Qualcomm says the Plus's eight-core Kryo CPU runs at higher peak clock speeds of up to 2.96GHz. But more important to gamers is a 15 percent performance improvement from the Adreno 640 GPU. That will likely result in the 855 Plus making its way into the next wave of gaming-focused smartphones like those we've seen from Asus, Razer, and other companies. As for AI and VR improvements, Qualcomm is continuing to talk up its fourth-generation AI Engine that's capable of "more than 7 trillion operations per second." The Snapdragon 855 Plus will deliver "best-in-class cellular performance, superior coverage and all-day battery life in premium 5G devices," according to the company. It's still using two separate modems to get there, however, with both a Snapdragon X24 LTE 4G modem and Qualcomm's X50 5G modem on board. I guess we won't see a more efficient approach until the inevitable Snapdragon 865.

Cloudflare has published a detailed and refreshingly honest report into precisely what went wrong earlier this month when its systems fell over and took a big chunk of the internet with it. The Register reports: We already knew from a quick summary published the next day, and our interview with its CTO John Graham-Cumming, that the 30-minute global outage had been caused by an error in a single line of code in a system the company uses to push rapid software changes. [...] First up the error itself -- it was in this bit of code: .*(?:.*=.*). We won't go into the full workings as to why because the post does so extensively (a Friday treat for coding nerds) but very broadly the code caused a lot of what's called "backtracking," basically repetitive looping. This backtracking got worse -- exponentially worse -- the more complex the request and very, very quickly maxed out the company's CPUs.

The impact wasn't noticed for the simple reason that the test suite didn't measure CPU usage. It soon will -- Cloudflare has an internal deadline of a week from now. The second problem was that a software protection system that would have prevented excessive CPU consumption had been removed "by mistake" just a weeks earlier. That protection is now back in although it clearly needs to be locked down. The software used to run the code -- the expression engine -- also doesn't have the ability to check for the sort of backtracking that occurred. Cloudflare says it will shift to one that does. The post goes on to talk about the speed with which it impacted everyone, why it took them so long to fix it, and why it didn't just do a rollback within minutes and solve the issue while it figured out what was going on.

You can read the full postmortem here.

An anonymous reader quotes a report from Ars Technica: The Raspberry Pi 4 was announced two weeks ago as a major new upgrade to the line of cheap single-board hobbyist computers. The Pi 4 featured a faster CPU, options for up to 4GB of RAM, and a new, modern USB-C port for power delivery. The Pi 4 was the Raspberry Pi Foundation's first ever USB-C device, and, well, they screwed it up. As detailed by Tyler Ward, the Raspberry Pi 4 has a non-compliant USB-C charging port and doesn't work with as many chargers as it should. Thanks to the open nature of Raspberry Pi (even the schematics are online!), Ward was able to discover that Raspberry Pi just didn't design its USB-C port correctly. Two "CC" pins on a USB-C port are supposed to each get their own 5.1K ohms resistor, but Raspberry Pi came up with its own circuit design that allows them to share a single resistor. This is not a compliant design and breaks compatibility with some of the more powerful USB-C chargers out there.

Whether your USB-C charger works with the Pi 4 has to do with whether it uses an "e-marked" cable. E-marked cables are fully featured USB-C cables with chips inside that negotiate power management, accessory modes, data rates, and other communication specs. Since the Pi 4 USB-C port is wired incorrectly, these smart cables will detect the Pi 4 as an "Audio Adaptor Accessory" and refuse to charge them. Usually, e-marked cables are more expensive and come with larger, higher-powered items, like a USB-C laptop. After reports started popping up on the Internet, Raspberry Pi cofounder Eben Upton admitted to TechRepublic that "A smart charger with an e-marked cable will incorrectly identify the Raspberry Pi 4 as an audio adapter accessory and refuse to provide power." Upton went on to say, "I expect this will be fixed in a future board revision, but for now users will need to apply one of the suggested workarounds. It's surprising this didn't show up in our (quite extensive) field testing program."

An anonymous reader writes: "The Tor Project is preparing a fix for a bug that has been abused for the past years to launch DDoS attacks against dark web (.onion) websites," reports ZDNet. "Barring any unforeseen problems, the fix is scheduled for the upcoming Tor protocol 0.4.2 release." The bug has been known to Tor developers for years, and has been used to launch Slow Loris-like attacks on the web servers that run the Tor service supporting an .onion site. It works by opening many connections to the server and maxing out the CPU. Since Tor connections are CPU intensive because of the cryptography involved to support the privacy and anonymity of the network, even a a few hundreds connections are enough to bring down dark web portals. A tool to exploit the bug and to automate DDoS attacks has been around for four years, and has been used by hackers to extort dark web marketplaces all spring. At least two markets selling illegal products have shut down after refusing to pay attackers. To get the bug fixed, members of a dark web forum banded together and donated to the Tor Project to sponsor the bug's patch.

The Indian Institute of Technology (IIT) Madras has released the software development kit (SDK) for its open-source Shakti processor. Shakti is based on the open-source RISC-V instruction set architecture and was funded by the Indian Ministry of Electronics and Information Technology. The institute promised that a development board will also be released soon. Tom's Hardware reports: The RISE group at IIT Madras started working on the Shakti project in 2016 with a plan to release a family of six classes of processors, each serving a different market. The group promised that the reference processors will be competitive with commercial offerings in terms of area, performance and power consumption. Now India, like China and the European Union, are showing interest in designing their own processors, rather than relying on ones designed by U.S. manufacturers. With the release of the Shakti SDK, developers can begin to develop applications for the Shakti processors, even before they're commercialized.

The Brave web browser "claims to have delivered a '69x average improvement' in its ad-blocking technology using Rust in place of C++" reports ZDNet.

They cite a blog post by Brave performance researcher Dr. Andrius Aucinas and Brave's chief scientist Dr. Ben Livshits: The improvements can be experienced in its experimental developer and nightly channel releases... "We implemented the new engine in Rust as a memory-safe, performant language compilable down to native code and suitable to run within the native browser core as well as being packaged in a standalone Node.js module," the two Brave scientists said. The new engine means the Chromium-based browser can cut the average request classification time down to 5.6 microseconds, a unit of time that's equal to a millionth of one second.

Aucinas and Livshits argue that the micro-improvements in browser performance might not seem significant to end users but do translate to good things for a computer's main processor. "Although most users are unlikely to notice much of a difference in cutting the ad-blocker overheads, the 69x reduction in overheads means the device CPU has so much more time to perform other functions," the pair explain.
Their blog post notes that loading a web page today can be incredibly complex. "Since loading an average website involves 75 requests that need to be checked against tens of thousands of rules, it must also be efficient."

In honor of FreeDOS's 25th birthday, project founder and coordinator Jim Hall agreed to answer the 10 best questions submitted by Slashdot readers. You asked and he answered! Read on for Jim's interview.

The Raspberry Pi is a small single-board computer that's exploded in popularity over the years thanks to its wide array of uses. While it was originally designed to promote the teaching of basic computer science in schools and in developing countries, the computers have been adapted to be used for robotics, media, game and print servers, and even as replacements for traditional desktop PCs. That last one may be even more of a popular use case with the Raspberry Pi 4, the newest version announced today featuring a more powerful quad-core 64-bit ARM processor, up to 4GB of LPDDR4 SDRAM, and dual monitor support at resolutions up to 4K. For those of you with a Raspberry Pi, what do you use it for? Do you have any plans to upgrade to the $35 Raspberry Pi 4?

Raspberry Pi today introduced a new version of its popular line of single-board computer. The Raspberry Pi 4 Model B is the fastest Raspberry Pi ever, with the company promising "desktop performance comparable to entry-level x86 PC systems." The specifications are: A 1.5GHz quad-core 64-bit ARM Cortex-A72 CPU (~3x performance); 1GB, 2GB, or 4GB of LPDDR4 SDRAM; full-throughput Gigabit; Ethernet; dual-band 802.11ac wireless networking; Bluetooth 5.0; two USB 3.0 and two USB 2.0 ports; dual monitor support, at resolutions up to 4K; VideoCore VI graphics, supporting OpenGL ES 3.x; 4Kp60 hardware decode of HEVC video; and complete compatibility with earlier Raspberry Pi products. It starts at $35.