Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - Lenovo throttles ideapad DDR4 ram, adds phantom security fix with bios update (lenovo.com)

An anonymous reader writes: Lenovo has released a bios security fix for ideapad laptops (series 310-14ISK, 310-15ISK, 310 Touch-15ISK, 510-15ISK) but at the same time it lowers the DDR4 memory speed from 2400 MHz (1200 x 2 dual channel) to 2133 MHz

The previously released bios 0xcn39ww is signed digitally by LENOVO, but the current bios (0xcn40ww) is (currently) not signed on the Lenovo download servers.

Even if it is not signed it pretends to solve a security issue that i could not find ANY info about (PCR802439666). Except of echoes of the readme text file in various places, i could not find any info at all about this.

Anyone has any clue about this? Why should i apply this "some security fix"?
Seriously... they published an unsigned exe file for a bios upgrade that solves a security issue? what kind of security validation and testing model is that if they didn't even bother to sign the exe updater file?

https://download.lenovo.com/consumer/mobiles/0xcn40ww.txt

and

https://download.lenovo.com/consumer/mobiles/0xcn40ww.exe

quote from txt:
0XCN40WW:
BIOS Notification:
1. Fixed
1)[Important] Update includes some security fix. (PCR802439666)
2)Limited memory frequency to 2133MHz.
2. Add
1) None.
3. Modified
1) None.
/quote

sha256 sum of the exe file that i downloaded from Lenovo: 38d8da805af08437b9efc07ea813b0bd2794b998cc250fd213ca1f9596a488ff
(look up the checksum on virustotal, there's a full file analysis there)

In addition to the unnamed security fix, this would throttle my system's DDR4 memory to 2133 MHz... this qualifies as a major product change after sale. I paid for and was sold a system that works at 2400 MHz (1200x2 = dual channel) and now they want to throttle it to 2133 MHz?

If i were in USA this would be the starting point for a class-action lawsuit. Coupled with the onboard NVIDIA GeForce forced throttling at 60+ degrees Celsius this smells like another case of trying to cover a manufacturing / design fault... another nvidia bumpgate?

Should i start preparing my refund papers for the system's planned obsolescence / performance degradation?

system memory info:
slot 1: Size 8192 MBytes
Manufacturer Micron Technology
Max Bandwidth DDR4-2400 (1200 MHz)
Part Number 8ATF1G64HZ-2G3B1

slot 2: Size 8192 MBytes
Manufacturer Micron Technology
Max Bandwidth DDR4-2400 (1200 MHz)
Part Number 8ATF1G64HZ-2G3B1

Comment fan hitting event on the horizon (Score 4, Interesting) 385

ALL major online email providers (google mail, yahoo, microsoft, etc.) and all major company networks work internally by using a VPN between the various locations that those companies have around the country/world... => they are going to be hacked... and this will raise an enormous shitstorm.

Comment Re:Libreoffice (Score 4, Informative) 324

these days they dropped the sourceforge crap for their own crap built-in into the main installer, silently downloaded in the background from sites such as coapr14pool _DOT_ com AND THEN executed while having elevated full admin rights. This is typical trojan dropper / infector / keylogger behavior.

source: http://www.pdfforge.org/blog/p...
(in comments)

Comment Re:Ask any McDonald about mcdonalds.com domain (Score 4, Informative) 381

oops.. small case of "spoke too soon"/"foot in mouth", i realize this is from before the "domain created" date, so it must be the site maintained by the previous owners of the domain name, name that had expired by the time the current owner registered it.

Anyway, it's a proof that "XboxOne" was already used by someone else in the context of computer games related stuff even since the year 2002 and IMHO should have not been awarded as a registered trademark to MS...

Comment Re:Ask any McDonald about mcdonalds.com domain (Score 5, Informative) 381

well, NOW it's parked after Microsoft brought the lawyers out of leashes and sicked them on the domain owner(s)...

looking on archive.org it seems it used to have an active site on it, for example this snapshot:

http://web.archive.org/web/20110207201840/http://xboxone.com/

OR this one, from the YEAR 2003

http://web.archive.org/web/20031225193949/http://xboxone.com/

Comment Re:This is a surprise? (Score 1) 185

The only problem with Avast is that you have to re-register every year. Minor, I know, but a pain nonetheless.

the bonus with avast's system is that it doesn't actually make you PROVE that the email address is YOURS (code/link sent via email), it only asks for an email address and that's where it stops, so i've taken the habit of using @avast.com email addresses.

The first thing i used was postmaster@avast ( :D ) but when it started to complain that it's already used i switched to _current timestamp-YYYYMMDDHHMM_@avast, works like a charm

Comment Re:Google Groups? (Score 1) 259

+1 for Google Groups, it removes A LOT of the hassle of managing forum for a site, especially for spam management (spam prevention logic is global across all the forums they host, if someone is detected spamming in one forum it can be nuked from everywhere at once).
I use it quite successfully for a few sites.

Google even allows EMBEDDING the page via an iframe, with an url that will not load the usual Google Groups page header:

use this in iframe src:

hxxps://groups.google.com/forum/embed/?place=___INSERT_FORUM_PATH_HERE___?showsearch=true&showpopout=true&hl=___INSERT_THE_UI_LANGUAGE_CODE_HERE__&parenturl=___INSERT_HERE_THE_URL_OF_THE_PARENT_LOADING_PAGE

(replace hxxps with https)
https://support.google.com/groups/bin/answer.py?hl=en&answer=1191206

Your Rights Online

Mother Found Guilty After Protesting TSA Pat-down of Daughter 652

Penurious Penguin writes "In 2011, en route to Baltimore, Tennessee mother Andrea Abbott was arrested after squabbling with the TSA over their pat-down and "naked" body-scan process. Initially Abbott had protested a pat-down of her 14 year-old daughter, though eventually backed off. When her own turn came, she refused both a pat-down and body-scan. This week, despite having no criminal record, Abbott was found guilty of disorderly conduct and sentenced to one year of probation. A surveillance video of the affair shows what appears an agitated Abbott surrounded by various TSA agents, but seemingly contradicts the premise by which she was convicted. In the case against Abbott it was claimed that her behavior impeded the flow security-lines and lawful activity. Beyond Abbott's confession of issuing some verbal abuse, the video does not appear to display a significant blockage of traffic nor anything noticeably criminal."

Comment Re:if they used a hash...? (Score 1) 497

this has also been happening to Technet & MSDN logins for a while now

trying to access https://msdn.microsoft.com/en-us/subscriptions/securedownloads/default.aspx (or the equivalent technet downloads page) you get redirected to a login page that starts with https://login.live.com/login.srf and that form only alows 16 chars

i went bonkers when it started to happen, a few months ago, but then i got used to it... this is the regular crap that's pulled by MS these days. :(

Microsoft

Hotmail No Longer Accepts Long Passwords, Shortens Them For You 497

An anonymous reader writes "Microsoft doesn't like long passwords. In fact, the software giant not only won't let you use a really long one in Hotmail, but the company recently started prompting users to only enter the first 16 characters of their password. Let me rephrase that: if you have a password that has more than 16 characters, it will no longer work. Microsoft is making your life easier! You no longer have to input your whole password! Just put in the first 16 characters!" At least they warn you; I've run into some sites over the years that silently drop characters after an arbitrary limit.
Businesses

MS Office 2013 Pushing Home Users Toward Subscriptions 349

An anonymous reader writes "Ars reports that Microsoft has announced pricing plans for Office 2013 that include a subscription-based model for home users. There will be a $100/year Home version that can be shared by up to 5 users and a $150/year Small Business version. 'Subscription software of one form or another has proven popular in the enterprise (whether it be cloud services, like Office 365, or subscriptions to desktop software, such as Microsoft's Software Assurance scheme). But so far it's a rarity in the consumer space. Anti-virus software has tried to bully and cajole users into getting aboard the subscription train, but the large number of users with out-of-date anti-viral protection suggests users are resisting. ... As another incentive to subscribe, and one that might leave a bad taste in the mouth, the company says that subscribers will be given unspecified "updates" to add new features and capabilities over the life of their subscription. Perpetual licensees will only get bug fixes and security updates.'"

Comment use kubuntu instead (Score 3, Interesting) 306

well, i figured it would be some problem with the graphics drivers and that's why i switched to using the kubuntu 12.04 LTS dvd instead of the normal ubuntu/unity one, i've been having weird issues with unity lately (invisble mouse cursor and ignored keyboard input on a fujitsu siemens Amilo La1703 notebook - but KDE works perfectly)

http://www.kubuntu.org/getkubuntu/download
( for those that fell recently into the linux soup and don't know what this is, this is practically the same thing as ubuntu 12.04 LTS but with the KDE interface as default instead of unity. )

Slashdot Top Deals

The number of computer scientists in a room is inversely proportional to the number of bugs in their code.

Working...