WordPress plugin vulnerability poses severe security risk, allows for site takeovers

In a nutshell: Many WordPress plugins are designed to enhance the content management system's ability to quickly and easily share content from almost anywhere on the internet. But one particularly popular plugin is seemingly making life easier for cyber-criminals, too.

The WP Automatic plugin is affected by a severe security vulnerability that hackers have been exploiting since last month. The plugin has over 38,000 paid customers and lets WordPress sites effortlessly add new posts from various sources, such as RSS feeds, YouTube, Twitter, or by generating content through ChatGPT.

Tracked as CVE-2024-27956, the flaw was disclosed by security company Patchstack in March and received a severity rating of 9.9 (out of 10). It is described as a highly dangerous SQL injection vulnerability, with analysts anticipating widespread exploitation after hackers became aware of it. According to Patchstack, malicious actors can "directly interact" with a WordPress site's SQL database, potentially manipulating personal information, user accounts, and more.

ValvePress, the publisher of WP Automatic, addressed the SQL injection flaw in the latest plugin version (3.92.1) without acknowledging the fixed issue in the release notes. Nonetheless, hackers were quick to discover CVE-2024-27956; a recent bulletin by security company WPScan said that the bug had been targeted by more than 5.5 million attack attempts since March 13, 2024.

WPScan describes the typical exploitation process for CVE-2024-27956, which starts with the execution of an unauthorized database query and ends with total ownership of the compromised website. Once in, hackers can create new admin user accounts, upload new malware and plugins, and more. Criminals may also rename the vulnerable WP Automatic PHP script, ensuring that no other "cyber-gang" can exploit the flaw.

Once a WordPress site is compromised, an attacker can create backdoors and obfuscate their malicious code. In most of the compromised sites discovered by WPScan, cyber-criminals installed their own plugins to upload files and easily edit code. CVE-2024-27956 represents an extremely serious security risk, and all WP Automatic customers are urged to update to the latest version of the plugin immediately, although some researchers question whether it qualifies as a "true" SQL injection issue.

An unnamed developer has noted that the WP Automatic plugin is designed to process SQL queries, but from authorized users only. In this reading, CVE-2024-27956 lets hackers circumvent those authorization controls, whereas an SQL injection occurs when an attacker embeds SQL code in what is "supposed to be only data," which, according to the developer, is not the case with WP Automatic.
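As an added example (not code from the article, WPScan or the plugin), the audit below checks a WordPress database for two of the traces described above: administrator accounts registered since March 13, 2024, the start date of the attack count WPScan cites, and active plugins nobody approved. It assumes the default "wp_" table prefix and loads constructed sample rows into SQLite so it runs offline; the function names, allowlists and sample accounts are hypothetical.

```python
import re
import sqlite3

# Constructed sample data: the WordPress core tables this audit reads, with the
# default "wp_" prefix. A real site stores them in MySQL/MariaDB.
SAMPLE_SQL = """
CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_registered TEXT);
CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
CREATE TABLE wp_options (option_name TEXT, option_value TEXT);
INSERT INTO wp_users VALUES
  (1, 'site-owner', '2021-06-02 09:14:00'),
  (2, 'editor-amy', '2024-03-20 11:00:00'),
  (3, 'example-unknown-admin', '2024-04-02 03:41:27');
INSERT INTO wp_usermeta VALUES
  (1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'),
  (2, 'wp_capabilities', 'a:1:{s:6:"editor";b:1;}'),
  (3, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
INSERT INTO wp_options VALUES
  ('active_plugins',
   'a:2:{i:0;s:19:"akismet/akismet.php";i:1;s:33:"example-uploader/example-file.php";}');
"""

PREFIX_RE = re.compile(r"[A-Za-z0-9_]+")


def load_sample():
    """Build the constructed sample database in memory."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_SQL)
    return conn


def _checked(prefix):
    # Table names cannot be bound as parameters, so validate the prefix
    # before it is interpolated into the statement.
    if not PREFIX_RE.fullmatch(prefix):
        raise ValueError("unexpected table prefix: %r" % prefix)
    return prefix


def admins_registered_since(conn, cutoff, known_admins=(), prefix="wp_"):
    """Administrators registered on or after `cutoff` that are not allowlisted.

    WordPress stores roles as a PHP-serialized array under the
    '<prefix>capabilities' meta key; an administrator's value contains the
    quoted string "administrator".
    """
    p = _checked(prefix)
    rows = conn.execute(
        f"SELECT u.user_login, u.user_registered "
        f"FROM {p}users u JOIN {p}usermeta m ON m.user_id = u.ID "
        f"WHERE m.meta_key = ? AND m.meta_value LIKE ? "
        f"AND u.user_registered >= ? ORDER BY u.user_registered",
        (f"{p}capabilities", '%"administrator"%', cutoff),
    ).fetchall()
    known = set(known_admins)
    return [(login, reg) for login, reg in rows if login not in known]


def unexpected_active_plugins(conn, approved, prefix="wp_"):
    """Active plugin entry points that are missing from the approved list."""
    p = _checked(prefix)
    row = conn.execute(
        f"SELECT option_value FROM {p}options WHERE option_name = ?",
        ("active_plugins",),
    ).fetchone()
    if row is None:
        return []
    # active_plugins is a PHP-serialized list of "folder/file.php" strings.
    active = re.findall(r's:\d+:"([^"]+)"', row[0])
    return sorted(set(active) - set(approved))


if __name__ == "__main__":
    db = load_sample()
    for login, registered in admins_registered_since(
        db, "2024-03-13 00:00:00", known_admins=["site-owner"]
    ):
        print("review administrator:", login, "registered", registered)
    for plugin in unexpected_active_plugins(db, ["akismet/akismet.php"]):
        print("review plugin:", plugin)
```

Someone with write access to the database can backdate user_registered, so the comparison against a known-good administrator list is the stronger of the two checks.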

FTC accuses Jeff Bezos and Amazon CEO Jassy of using auto-deleting messages to obstruct antitrust case

What just happened? Amazon founder Jeff Bezos and current CEO Andy Jassy are just two of several company executives the FTC has accused of destroying text messages. The agency alleges the texts could have been used as evidence against the tech giant in its antitrust case.

The FTC said in a court filing last week that the execs used encrypted messaging platform Signal between April 2019 and May 2022. They're also accused of using the disappearing messages feature in the app that ensured the messages weren't retained, writes Bloomberg.

The executives reportedly started using Signal after Bezos' phone was hacked in 2018 via a WhatsApp message. Bezos later said the National Enquirer tabloid was extorting and blackmailing him, threatening to publish private photos and texts taken from his phone.

The FTC filed a motion to compel last week, asking a judge to force Amazon to "produce documents related to the company's failure to preserve Signal messages." It also wants to know what executives told employees about when to communicate via Signal.

The FTC wants the information to assess whether Amazon failed to take reasonable steps to preserve documents, and to determine what was destroyed.

An Amazon spokesperson said the company voluntarily disclosed employees' limited Signal use to the FTC years ago, thoroughly collected Signal conversations from its employees' phones, and allowed agency staff to inspect those conversations "even when they had nothing to do with the FTC's investigation."

The antitrust investigation into Amazon started in 2019, requiring the company to retain documents and turn them over to the FTC. The suit's main allegation is that Amazon abuses its dominance in the market to reward merchants who use its logistics (warehousing, shipping) and advertising services, punish those who don't, and block lower prices on competing websites.

Among the suit's claims is that Amazon requires third-party retailers on its site to offer goods at their lowest prices on the platform, meaning they can't be found cheaper than on Amazon. The company previously denied these allegations, claiming that sellers decide their own prices.

Google has also been accused of instructing its employees to use the disappearing messages feature, which automatically deletes them after 24 hours, for internal communications when sensitive subject matters are being discussed. The Justice Department has sought sanctions against the company over the issue, though a judge has yet to rule on the request.

Bloomberg notes that the FTC could refer any wrongdoing it uncovers to the Justice Department if it discovers anyone deliberately destroyed evidence.

Millions of devices still vulnerable to abandoned USB worm, continues to spread globally

In brief: Security researchers have uncovered a chilling global epidemic: an old malware that has been spreading uncontrollably for years. Despite its creators seemingly abandoning the project years ago, this insidious USB worm has lived on, potentially infecting millions of new machines around the world.

The worm, which first hit the scene in 2019 as a new variant of the infamous PlugX malware, had a devious trick up its sleeve. It could automatically copy itself onto any USB drive connected to an infected machine, allowing it to hitch a ride and infect new computers without any user interaction required.

But at some point, the hackers abandoned the malware's command-and-control server, essentially cutting off their ability to oversee the infected machines. One might assume this would be the end of the line for the pesky worm, but that was not the case.

Researchers from security firm Sekoia decided to do some digital archaeology and purchased the abandoned IP address that was originally used to control the worm. To their surprise, they found the worm was still very much alive and kicking, with their server receiving connections from 90,000 to 100,000 unique IP addresses every single day. Over six months, they counted a staggering 2.5 million unique IPs trying to phone home.

It's important to note that IP addresses don't always accurately represent the total number of infected systems since some IPs could be shared by multiple devices or computers may use dynamic IPs. But the sheer volume of traffic suggests this worm has spread far and wide, potentially infecting millions of machines worldwide.

What's even more intriguing is that the researchers found around 15 countries accounting for over 80% of the infections. And these aren't just random nations - many have strategic importance and significant Chinese infrastructure investments. This has led to speculation that the worm may have been a Chinese intelligence-gathering operation targeting specific regions.

"It is plausible, though not definitively certain as China invests everywhere, that this worm was developed to collect intelligence in various countries about the strategic and security concerns associated with the Belt and Road Initiative, mostly on its maritime and economic aspects," notes Sekoia.

Thankfully, the researchers did discover a potential solution: a command that could remove the malware from infected machines and even clean up any USB drives connected during the disinfection process. However, they decided against taking unilateral action due to legal concerns and have instead reached out to relevant authorities in affected countries, providing them with data and leaving the decision in their hands.

"Given the potential legal challenges that could arise from conducting a widespread disinfection campaign, which involves sending an arbitrary command to workstations we do not own, we have resolved to defer the decision on whether to disinfect workstations in their respective countries to the discretion of national Computer Emergency Response Teams (CERTs), Law Enforcement Agencies (LEAs), and cybersecurity authorities," the researchers wrote.

TSMC lays out roadmap for massive, kilowatt-class chip packages and terabit optical links

In brief: The world's leading semiconductor foundry, TSMC, isn't resting on its laurels. At its recent symposium for North American customers, the chipmaker unveiled ambitious roadmaps for both chip packaging and bleeding-edge optical interconnect technologies. These advancements could unleash a tidal wave of compute performance in the coming years.

Starting with the chip packaging tech, which TSMC has branded "CoWoS" (Chip-on-Wafer-on-Substrate), it's essentially an enhanced version of typical chiplet designs, where multiple smaller dies are integrated together into one package. But TSMC is taking it to incredible new levels of scale and complexity.

The current CoWoS iteration supports interposers (the silicon base layer) up to 3.3x the size of a typical photomask used in lithography. But by 2026, TSMC's "CoWoS_L" will bump that up to around 5.5x mask size, leaving room for larger logic chiplets and up to 12 stacks of HBM memory. And just a year later in 2027, CoWoS will scale up to a jaw-dropping 8x reticle size or more.

We're talking integrated packages spanning 6,864 mm2, significantly larger than a credit card. These CoWoS behemoths could incorporate four stacked logic chiplets alongside a dozen HBM4 memory stacks and extra I/O dies.

To give you a sense of the scale, Broadcom recently showed off a custom AI processor with two logic dies and 12 memory stacks. And that chip looked bigger than Nvidia's latest beefy accelerators, but it's still puny compared to what TSMC is prepping for 2027. In fact, the company expects its solutions to use up to a whopping 120x120mm substrate.

In the context of chip manufacturing, a larger substrate allows for more components to be integrated onto it, potentially enabling more powerful and complex electronic devices. But the monstrous scale also means they'll consume kilowatts of power and likely require exotic liquid cooling solutions. Nothing about this is excessive, though, considering how power-hungry generative AI is turning out to be. We're entering uncharted waters for semiconductor packaging here.

Speaking of uncharted waters, TSMC also revealed its "3D Optical Engine" strategy to integrate lightning-fast optical interconnects into its client designs. As bandwidth demands explode, copper traces simply won't cut it for bleeding-edge datacenter and HPC workloads. Optical links, leveraging integrated silicon photonics, offer vastly higher throughput and lower power.

TSMC's "COUPE" (Compact Universal Photonic Engine) co-packages electronics and photonics using advanced 3D stacking. Gen 1 plugs into standard optical ports at 1.6 Tbps - double what top-end Ethernet offers today. Gen 2 boosts that to 6.4 Tbps by integrating COUPE into TSMC's CoWoS packages alongside the processor. And the roadmap culminates with a CoWoS "COUPE Interposer" design hitting an astounding 12.8 Tbps of optical bandwidth.

Whether it's ungodly AI models, physics simulations, or just colossal datacenter workloads, the chipmaker seems convinced that "go big or go home" will reign supreme in the years ahead.

Apple OLED iPad Pro to be unveiled next week could feature all-new M4 chip, be AI-focused

Something to look forward to: Apple has been slower than its rivals when it comes to embracing artificial intelligence, but that could change with the upcoming announcement of the all-new iPad Pro next week. In addition to having an AI focus, the OLED slate may also come with Cupertino's next-gen M4 chip, rather than the expected M3.

Apple's Let Loose iPad livestream event takes place on May 7, when it's expected to unveil a new iPad Air and updated iPad Pro, the latter of which will likely receive the first OLED panel in the long-running iPad series.

It was reported that the new iPad Pro would come with Apple's lauded M3 chip found in the latest MacBooks and iMac. However, according to Bloomberg's resident Apple expert Mark Gurman, there's a "strong possibility" it will launch with the new M4. He said the chip's new neural engine will position the next iPad Pro as Apple's first truly AI-powered device, kicking off Apple's shift into AI hardware.

Gurman writes that by introducing the new iPad Pro ahead of Apple's Worldwide Developers Conference in June, the company "could lay out its AI chip strategy without distraction." Apple could then use WWDC to focus on how the M4 chip and the new iPad Pros and other M4 devices will take advantage of the software and services coming as part of iPadOS 18 later this year.

Also on show next week will be the updated iPad Air and accessories such as the Magic Keyboard and Apple Pencil. Gurman believes the Apple Pencil will feature haptic feedback.

Tablet shipments declined 20.5% in 2023 to 128.5 million, marking the lowest figure for 13 years. Apple remained the number one company in this market, despite iPad shipments falling 19.8% – only Amazon's shipments fell further.

Apple will hope the launch of an M4-packing, AI-focused OLED iPad Pro, as well as an iPad Air with a 12.9-inch screen size option, will give the slumping tablet market a needed boost. It will be interesting to see how much the new Pro costs, though; the cheapest current 12.9-inch iPad Pro comes in at $1,099.

Bang & Olufsen brings back iconic 6-disc CD changer from the 90s

Why it matters: After two decades of decline, compact disc sales saw a surprising uptick last year, prompting cautious optimism about the revival of this once-beloved format. However, one audio hardware manufacturer is already seizing the moment with a bold initiative.

Bang & Olufsen has announced the revival of a classic directly from the 90s. The new Beosystem 9000c music system features a fully restored and reimagined Beosound 9000 CD player that is paired with the company's modern Beolab 28 speakers for a "powerful listening experience." The speakers alone sell for more than $20,000 for the pair.

Mads Kogsgaard Hansen, head of product circularity & portfolio planning at Bang & Olufsen, said that more than showcasing their commitment to product longevity, they wanted to celebrate the revival of physical media that has taken place in recent years.

"Vinyls and CDs have returned to being something special, where people invest time and energy to connect with the music and artists they love," Hansen added.

With the Beosound 9000, disc art is front and center as all six CDs are visible under the glass lid, rather than being hidden away inside the machine.

This isn't the first time Bang & Olufsen has brought back a classic from its hardware catalog. In 2020, the company found 95 examples of its Beogram 4000 series turntable and "brought them back home" to Denmark for restoration. Each unit was fully disassembled, inspected, cleaned, and repaired where needed.

For its latest run, Bang & Olufsen secured 200 Beosound 9000 CD players and brought them back to the facility where they were manufactured in 1996. The six-disc CD changers with built-in AM/FM radio were fully disassembled and worked on by a team of skilled technicians – some of whom helped build the Beosound 9000s all those years ago. Each was individually tested and fine-tuned to meet the company's exacting specifications.

The system also comes with a Beoremote One for control, although users can optionally control the player through the Beolab 28 speakers as well as via their smartphone.

The Bang & Olufsen Beosystem 9000c is being showcased at select company stores worldwide. Pricing is set at 50,000 euro ($53,553.30) and remember, the production run was limited to 200 units.

Match CEO's message to romance scam victims: "Things happen in life"

WTF?! Many victims of online scams feel too embarrassed to report the crimes over fears about looking naïve or technically and socially inept. This is especially true when it comes to romance scams, which is why they're so popular. But the CEO of the largest dating company in the US has some reassuring words for people who lost everything to criminals that took advantage of their vulnerability: "Things happen in life."

Bernard Kim, the CEO of Match.com and Tinder owner Match Group, was questioned by CBS News about an investigation by the publication into online romance scams perpetrated by overseas-based criminals. Kim was asked what he would say to those who have become victims of this crime.

"Look, I mean, things happen in life," Kim said. "That's really difficult. I have a tremendous amount of empathy for things that happen, but I mean, our job is to keep people safe on our platforms; that is top foremost, most important thing to us."

A total of more than $1.3 billion was stolen from victims of romance scams in 2022, with a median loss of $4,400, writes the FTC. While many scammers use dating apps to target people, sending a message to random social media users is also a popular method. Nearly 70,000 people reported romance scams that year, but the real number of victims is likely to be much higher.

The FTC filed a lawsuit against Match Group in 2019 over claims that up to 30% of Match.com members were using the app to scam others. A spokesperson told Business Insider that the figures are misleading and the court dismissed the claims related to the number of sign-ups that may be scammers. Match Group argued at the time that it was not legally responsible for the interactions between scammers and their victims because of laws that protect internet platforms from legal action.

Match Group says it has expanded its security posture and invests more than $125 million a year to protect customers.

Most romance scams involve scammers spending time forming a relationship with victims online, using excuses such as being an offshore oil rig worker for why they can't meet up in person. Once they are close to the victim, the scammer uses a line to get them to send money. A quarter of the time, the excuse is, "I or someone close to me is sick, hurt, or in jail."

Financial losses aren't the only impacts of romance scams. Illinois resident Laura Kowal, 57, was discovered dead in the Mississippi River in August 2020 after being in a relationship for more than a year with a man she met on Match.com called "Frank." Kowal had wired the scammer $1.5 million.

"I've been living a double life this past year. It has left me broke and broken," Kowal wrote in a note to her daughter. "Yes, it involves Frank, the man I met through online dating. I tried to stop this, many times, but I knew I would end up dead." Federal agents traced the scammer's emails to Ghana.

Intel issues statement on Raptor Lake crashes, asks mobo makers to revise extreme BIOS defaults

What just happened? Owners of Intel's latest 13th-gen Raptor Lake or 14th-gen Raptor Lake Refresh processors have been complaining about instability issues for a while. Now, the chip giant is finally shedding some light on what's causing the problems.

According to a leaked message seemingly intended for motherboard manufacturers, which was obtained by Igor's Lab, Intel says the root cause hasn't been pinpointed yet, but it has spotted a pattern. The company claims the stability headaches are mostly impacting unlocked, overclockable systems where manufacturers have gone a little overboard disabling safeguards in pursuit of pushing frequencies.

In the notice, Intel states it has "observed the majority of reports of this issue are from users with unlocked/overclock capable motherboards." It goes on to list some of the specific settings it has seen changed on many 600 and 700-series boards, such as disabling Current Excursion Protection, thermal velocity boost limits, and C-states, and raising power limits beyond recommended specs.

Essentially, in the endless battle for benchmarking crowns, some motherboard manufacturers have been shipping BIOSes primed for pushing Intel's latest chips way past their typical operating conditions out of the box. While great for boosting scores, it's also been a recipe for crashes, BSODs, and other instability symptoms under heavy workloads like gaming.

The company wants system builders to start implementing default BIOS profiles that stick to Intel's officially recommended ranges. It even says motherboard vendors should start showing warnings when users try enabling any unlocked or overclocking features that could destabilize things.

Intel's still digging into pinpointing the core issue but plans to publish official BIOS setting recommendations by May to help get things under control. In the meantime, a few manufacturers have already started rolling out BIOS updates to dial back some of the more extreme power profiles and limits.

Asus was first, pushing out new BIOS revisions with an "Intel Baseline Profile" for reining in the voltage and power thresholds. Gigabyte put out some beta BIOS builds last Friday aiming to enhance stability by killing off the "optimized" high-power presets thought to be inducing the crashes. MSI took a different approach, opting to release a guide showing users how to manually reset power and current caps back to Intel's recommended defaults.

Even Nvidia has weighed in, with its latest GeForce driver release notes pointing GPU owners with 13th- or 14th-gen Intel chips to troubleshooting resources if they're experiencing crashes, out-of-memory errors, or other instability – presumably from the same underlying issue.

So, if you've had problems with your shiny new Raptor Lake CPU going a little haywire, help is on the way. Just be ready to accept a bit of a performance tradeoff, at least until Intel and its partners can get a real fix implemented.

FTC distributes $5.6 million in refunds to Ring customers from privacy settlement

What just happened? Ring, the smart home security company owned by Amazon, found itself in the crosshairs of the Federal Trade Commission back in 2023 over some serious privacy missteps. Now, over twelve months later, the commission is sending $5.6 million in refunds to customers as part of the settlement Ring agreed to last year.

The settlement stems from charges that Ring failed to properly safeguard video footage from its popular doorbell cameras and indoor security cams. According to the FTC's complaint, Ring employees and contractors were able to access customers' private videos without consent for purposes like training AI algorithms.

Even more concerning, regulators earlier found that Ring neglected to implement basic security practices, allowing hackers to breach customer accounts and gain control over cameras and videos between 2016 and 2020. The FTC didn't mince words, calling it an "egregious violation of users' privacy."

Under the terms of the settlement, Ring had to delete any unlawfully obtained video content and agree to much stronger security measures going forward. But the biggest immediate impact is the $5.6 million the company paid as a fine to the FTC, which is now being refunded to affected customers.

This week, the FTC announced it is distributing over 117,000 PayPal payments to eligible Ring owners who had devices during the timeframe when unauthorized access occurred. Customers have 30 days to redeem the payments before they expire.

While Ring seemingly downplayed the incident, telling The Associated Press that bad actors took emails and passwords "stolen from other companies to unlawfully log into Ring accounts of certain customers" who reused the same credentials across multiple sites back in 2019, the revelations paint a troubling picture of lax security and oversight at the company.

Previously, there were reports that revealed not only did Ring give broad video access to staff and contractors, but some employees even took advantage, viewing thousands of video clips from female customers in private settings like bedrooms and bathrooms.

One particularly disturbing case involved an employee who was only caught and fired after another co-worker noticed their inappropriate snooping on customer videos.

For consumers considering Ring or other smart home cameras and security products, this saga underscores the importance of vendors establishing rigorous safeguards and earning trust. After all, you're effectively giving these companies a window into your private spaces.

The Chips Act is rebuilding US semiconductor manufacturing, so far resulting in $327 billion in announced projects

Forward-looking: The Chips Act was born out of a desire to give the US economy a boost following the pandemic and to improve its competitiveness profile on the global stage. Little did its advocates know how successful it would prove to be. Thanks to the investments, by 2030, the US will probably produce around 20% of the world's most advanced chips, up from zero percent today.

Last week President Biden visited Syracuse, NY, to do something government officials typically do: tout a massive investment in the local economy. But this was not just any investment – it was $6.1 billion provided by the CHIPS and Science Act to Micron Technology, which plans to spend $100 billion building a manufacturing campus in Syracuse's northern suburbs, as well as a factory in Boise, Idaho.

The investment will have significant impacts on Syracuse, which is hopeful it will revive the local economy. It has a larger significance as well: it is the latest in a series of federal grants doled out under the Chips Act that has spurred an unexpected investment boom across the US.

Multi-billion-dollar grants have been provided to Intel for projects in Arizona, Ohio, New Mexico and Oregon; TSMC for projects in Arizona; and most recently Samsung for projects in central Texas.

The US government has now spent over half of its $39 billion in Chips Act incentives with chip companies and supply chain partners announcing investments totaling $327 billion over the next 10 years. There has also been a 15-fold increase in the construction of manufacturing facilities for computing and electronics devices.

Consider the impact of the Micron investment. Its Idaho facility is expected to be production-ready by 2026, followed by the two facilities in New York in 2028 and 2029. The White House predicts they will create 20,000 construction and manufacturing jobs as well as tens of thousands of indirect jobs in the regions.

It is doubtful the Act's proponents envisioned such wild success when they were advocating for its passage. Instead, the focus was on the increasingly dwindling competitiveness of the US semiconductor industry on the global stage.

As the Semiconductor Industry Association noted at the time, the share of modern semiconductor manufacturing capacity located in the US has eroded from 37% in 1990 to 12% today, mostly because other countries' governments have invested ambitiously in chip manufacturing incentives and the US government has not. Meanwhile, federal investments in chip research have held flat as a share of GDP, while other countries have significantly ramped up research investments.

Fast forward a few short years and Commerce Secretary Gina Raimondo is claiming that by 2030, the US will probably produce around 20% of the world's most advanced chips, up from zero percent today.

This will go far in reducing the US' dependence on global supply lines, a painful lesson brought home during the pandemic. It probably won't mean complete self-sufficiency, given that the US consumes over a quarter of the world's chips, writes Chris Miller, author of Chip War, in the Financial Times.

"Production of smartphones and consumer electronics would be disrupted in the event of a crisis in east Asia, an ever looming fear," he says. "But this production would be roughly enough for the needs of critical infrastructure like data centers and telecoms."

China's Loongson claims its latest CPUs are a match for Intel's 10th-gen in single-core performance

In brief: Beijing was the setting for some bold claims from Loongson this week about its homegrown processor lineup. The Chinese tech firm says it has leveled up its CPU intellectual property in a big way, without relying on any third-party sources. It's an ambitious goal to take on the heavyweights of x86 and Arm with its "Dragon" architecture.

Loongson Vice President Zhang Ge revealed that the company has made huge strides in single-core performance through its R&D efforts. While admitting that its chips lag mainstream offerings in multi-core grunt, Loongson claims its latest iterations have seen up to a 20x gain in single-core capabilities.

The newly-launched 3B6600 and 3B7000 processors were shown off as examples of this progress. The mobile-focused 3B6600 packs eight LA864 cores ticking at 3 GHz along with integrated "LG200" graphics. Meanwhile, the likely desktop-bound 3B7000 is slim on details other than a boost up to 3.5GHz clock speed and modern interfaces like PCIe 4.0, SATA 3.0, USB 3.0, GMAC, and HDMI support.

The integrated GPU front is also getting an overhaul at Loongson. Its new graphics architecture will support OpenGL 4.0, OpenCL 3.0, and debut with INT8 tensor cores to accelerate AI workloads. The iGPU itself tops out at a respectable 256 GFLOPS, while a discrete card using the same GPU could reach a hefty 1 TFLOP of compute power for intensive tasks.

Last year saw the launch of Loongson's 3A6000 chip, a quad-core CPU at 2.5GHz. Performance benchmarks from a Chinese testing agency purportedly put it on par with 2020's Intel 10th-gen quad-core CPUs. The 3A6000 uses Loongson's LoongArch ISA derived from MIPS, achieving scores like 43.1/54.6 in single-thread SPEC tests and 7400 in Unixbench.

If Loongson's performance claims prove accurate, these chips could make a serious dent in China's reliance on foreign silicon from the likes of Intel, AMD, Arm, and Nvidia.

With the Chinese government already blocking Intel/AMD products in some key sectors and aggressively pushing domestic chip alternatives, Loongson's homegrown solutions have the potential to proliferate in the lucrative education and government markets. We may even see these CPUs and GPUs start hitting mainstream consumer PCs across China before long.

Intel has a wafer-level assembly problem, and it's hurting Core Ultra sales

The big picture: Customers are clamoring for Intel's Core Ultra CPUs, but the chipmaker is facing a bottleneck in wafer-level assembly at the back end. It's a significant problem – dire enough that Intel is projecting flat revenues for the second quarter, partly due to this constraint. Intel is moving swiftly to expand capabilities in this area, but demand shows every sign of continuing to outpace supply, at least in the near term.

Intel faces a challenge. Its ramp-up of Core Ultra, led by Meteor Lake, continues to accelerate beyond its original expectations, with units projected to double sequentially in the second quarter. Specifically, the three Core Ultra families – Core Ultra 100 (Meteor Lake), Core Ultra 200 (Arrow Lake), and Core Ultra 200V (Lunar Lake) – are projected to push shipments above 40 million AI PC units by the end of 2024.

This sounds like great news, right? Indeed, it is. However, here lies the problem: Intel's production is being hindered by its supply of wafer-level assembly, according to CEO Pat Gelsinger.

In Q1, Intel's revenues grew by nine percent year over year to $12.7 billion, driven in part by a 31 percent YoY increase in client computing sales, which accounted for $7.5 billion of its overall revenues. Despite the surge in demand for AI PCs, the chipmaker reported an overall loss of $437 million for the quarter. Additionally, the revenue forecast for the second quarter, ranging between $12.5 billion and $13.5 billion, fell short of the $13.6 billion expected by financial analysts.

One reason for the anticipated flat revenues in Q2, according to both Gelsinger and CFO David Zinsner, is the bottleneck in wafer-level assembly.

"Seasonal client revenue is constrained by wafer level assembly supply, which is impacting our ability to meet demand for our Core Ultra-based AI PCs," Gelsinger said during the earnings call.

Intel has been addressing this issue by expanding semiconductor capacity in the US, Europe, and Asia. Gelsinger mentioned in a media briefing in Taipei late last year that the company is deploying wafer-level assembly and chip packaging manufacturing capabilities in Malaysia. Additionally, in the US, Intel is constructing new fabs in Oregon, Arizona, New Mexico, and Ohio. It has also unveiled major investment plans in Ireland, Poland, and Germany to build leading-edge semiconductor factories.

However, like its competitors, Intel is finding that demand is overwhelming supply. Gelsinger explained that Intel has been meeting its existing customer commitments, but many are returning and requesting additional shipments across different markets.

The company is "racing to catch up to those upside requests," he said, attributing the constraint to the back-end wafer-level assembly, which is one of the new capabilities included in Meteor Lake and subsequent client products. "So with that we're working to catch up and build more wafer level assembly capacity to meet those."

Gelsinger acknowledged that demand will only intensify with Microsoft's expected update to Windows 11. "Add in a second-half Windows upgrade cycle, which we believe is underway, and Core Ultra is hot," Gelsinger said.

Nintendo Switch 2 will likely be larger and feature magnetic Joy-Cons

Rumor mill: We've heard about estimates concerning the performance, software features, and release date of the successor to the Nintendo Switch. However, very few details have emerged regarding its appearance or input methods. A recent report suggests that Nintendo is taking extraordinary measures to keep it that way.

Sources have provided details to the Spanish gaming blog Vandal regarding the size and controller connectivity of the Nintendo Switch 2. While rumors should always be taken with a grain of salt, Vandal has an established track record. The blog previously reported on aspects of the Nintendo Switch OLED before that model's release.

Nintendo has reportedly allowed accessory manufacturers to handle the upcoming handheld console without being able to see it, in a sort of black box demonstration.

All those sources agreed that the final hardware is ready, bolstering prior reports stating that Nintendo decided to delay its launch to early 2025 primarily to give developers more time to prepare launch titles.

According to the manufacturers' impressions, the Switch 2 is larger than the original and OLED models but not as big as Valve's Steam Deck handheld PC. This aligns with prior rumors suggesting that Nintendo's new device will feature an 8-inch LED display – a one-inch increase over the OLED. However, it's unclear whether the Switch 2 will increase its native screen resolution beyond the current platform's 720p.

Update (April 28): A second big "leak" comes from Mobapad, a Switch accessories manufacturer, who has provided more details about the Switch 2. The maker claims the new console will feature a larger 8-inch screen with a 1080p resolution and an improved kickstand with a damping bracket for better angle adjustment. It will also keep support for existing Joy-Con and Pro controllers via Bluetooth.

The Switch 2 should be compatible with Switch 1 cartridges, though it will introduce a new cartridge format that won't be backward compatible. They also claim that the design updates include larger Joy-Cons that attach magnetically to the console, with additional buttons located behind each Joy-Con and below the right Joy-Con's home button. The Switch 2 dock would receive an upgrade to support 4K resolution output via USB-C.

Additionally, the new console will still use detachable Joy-Cons, but they will connect to the base unit using magnets instead of rails. While the Switch 2 won't support the original console's Joy-Cons, Pro controllers currently on the market will work. There is no word on whether the new controllers will address the stick drift issue that has plagued Joy-Cons and other gamepads for years.

Previous reports indicated that the Switch 2 will likely be backward compatible with physical and digital games for its predecessor, but an exact picture of the new console's horsepower has been elusive.

Its graphics might be based on Ampere – the same architecture as Nvidia's GeForce RTX 3000 GPUs – using an 8nm process. Performance estimates vary widely, with some rumors suggesting it could land near the PlayStation 4 or Steam Deck, while more optimistic reports put it closer to the Xbox Series S in the best-case scenario.

A behind-closed-doors demonstration at Gamescom last year allegedly showed the console running the Matrix Awakens Unreal Engine 5 demo.

DARPA unleashes 20-foot autonomous robo-tank with glowing green eyes

TL;DR: The Pentagon's mad scientists have been cooking up a beast of an unmanned combat vehicle, and it just took a major step forward. DARPA recently put its 12-ton RACER Heavy Platform (RHP) autonomous tank through a fresh round of testing out in the wild.

For those not in the know, DARPA has been working on self-driving military vehicles for two decades now as part of its RACER (Robotic Autonomy in Complex Environments with Resiliency) program. The goal is to develop autonomous ground vehicles that can navigate off-road terrain without any human input.

This newest phase involved letting the RHP loose on some legit US military training grounds in Texas. The video showed off rugged, obstacle-filled environments packed with vegetation, waterways, ditches, and rocky outcrops. Exactly the kind of hellish conditions that could give a self-driving system a full-on meltdown.

But DARPA's 20-foot-long unmanned behemoth seemed to handle it all without breaking a sweat. The agency reports the RHP knocked out 30 miles of autonomous route-following and cruised along at speeds of up to 25 mph.

To clarify, the RHP testing, assisted by the University of Washington and NASA's Jet Propulsion Laboratory, occurred in late 2023 but has just been announced by DARPA.

One peculiar feature that stood out in the video was the vehicle's glowing green eyes. They do add a touch of futurism that DARPA was likely trying to go for but also appear a tad quirky at times. Apparently, they serve a purpose - a spokesperson for the agency told Gizmodo that "it's just an indicator light to show the status of the vehicle. Green = it's on and in autonomy mode."

Anyway, DARPA says that the 12-ton RACER is designed to support other members of the RACER Fleet Vehicles (RFVs). But those other vehicles are more like self-driving ATVs. Meanwhile, this tank-scaled RHP takes autonomous capabilities to a whole new level of heavy-duty.

DARPA intends to keep iterating on RACER every 6 months or so, continually ramping up the autonomous tech. The RHP is based on an existing Textron combat vehicle platform used by the Army.

Ultimately, the agency seems to be aiming for unmanned combat vehicles that can roll into battle without risking human lives. These could handle dangerous roles like scouting, resupplying, or even paving the way with firepower before troops move in. An AI-driven tank definitely sounds terrifying. But it might just offer a safer alternative to boots on the ground.

Of course, we're still years away from anything like that becoming an actual deployable system. DARPA has been at this RACER rodeo since 2004 when it started with just getting a self-driving car to navigate a simple 1-mile course. Now, two decades later, it has an autonomous tank tearing across training grounds.

Microsoft's Phi-3 Mini boasts ChatGPT-level performance in an ultralight 3.8B parameter package

Why it matters: Advanced AI capabilities generally require massive cloud-hosted models with billions or even trillions of parameters. But Microsoft is challenging that with the Phi-3 Mini, a pint-sized AI powerhouse that can run on your phone or laptop while delivering performance rivaling some of the biggest language models out there.

Weighing in at just 3.8 billion parameters, Phi-3 Mini is the first of three compact new AI models Microsoft has in the works. It may be small, but Microsoft claims this little overachiever can punch way above its weight class, producing responses close to what you'd get from a model 10 times its size.

The tech giant plans to follow Mini up with Phi-3 Small (7 billion parameters) and Phi-3 Medium (14 billion) later on. But even the 3.8 billion-parameter Mini is shaping up to be a major player, according to Microsoft's numbers.

Those numbers show Phi-3 Mini holding its own against heavyweights like the 175+ billion parameter GPT-3.5 that powers the free ChatGPT, as well as French AI company Mistral's Mixtral 8x7B model. It's not bad at all for a model compact enough to run locally with no cloud connection required.

So how exactly is size measured when it comes to AI language models? It all comes down to parameters - the numerical values in a neural network that determine how it processes and generates text. More parameters generally mean a smarter understanding of your queries, but also increased computational demands. However, this isn't always the case, as OpenAI CEO Sam Altman explained.

While behemoth models like OpenAI's GPT-4 and Anthropic's Claude 3 Opus are rumored to pack several hundred billion parameters, Phi-3 Mini maxes out at just 3.8 billion. Yet Microsoft's researchers managed to get amazing results through an innovative approach to refining the training data itself.

By focusing the relatively tiny 3.8 billion parameter model on an extremely curated dataset of high-quality web content and synthetically generated material evolved from previous Phi models, they gave Phi-3 Mini outsize skills for its lean stature. It can handle up to 4,000 tokens of context at a time, with a special 128k token version also available.

"Because it's reading from textbook-like material, from quality documents that explain things very, very well, you make the task of the language model to read and understand this material much easier," explains Microsoft.

The implications could be huge. If tiny AI models like Phi-3 Mini really can deliver performance competitive with today's billion-plus parameter behemoths, we may be able to leave the energy-guzzling cloud AI farms behind for everyday tasks.

Microsoft has already made the model available to put through its paces on Azure cloud, as well as via open-source AI model hosts Hugging Face and Ollama.

Who is Prabhakar Raghavan and why is he accused of killing Google Search?

It's not your imagination: Google Search has gotten progressively worse over the years and at least one study confirms it. But until now most of us believed this was due to some corporate strategy hatched in a room full of executives. Not so, writes Edward Zitron, pointing the finger at Prabhakar Raghavan, current senior VP at Google, responsible for Search, Assistant, Ads, and a few other divisions. He was formerly in charge of Yahoo Search in the 2000s. Ouch.

A study earlier this year by German academics verified what many users of Google search had long suspected: the search engine, once the gold standard for such activities, had been getting worse. The reason, the researchers concluded, is that too much low-quality content was being optimized to appear higher in search results than information of higher caliber. This was due to popular online marketing strategies such as affiliate marketing, which incentivizes the mass production of such content to maximize clicks.

The study, which came from Leipzig University, Bauhaus-University Weimar, and the Center for Scalable Data Analytics and Artificial Intelligence, also analyzed results from the Bing and DuckDuckGo search engines, noting that Google performed better than its counterparts in several key areas.

Given its outsized presence in the search engine space, though, the findings about Google were significant.

What the study did not do was identify a particular culprit responsible for Google Search's decline. More recently, Edward Zitron, in his newsletter article titled "The Man Who Killed Google Search," took care of that in no uncertain terms. He identified that man as Prabhakar Raghavan, the senior vice president responsible for Search, Assistant, Geo, Ads, Commerce, and Payments products. Zitron, though, describes him as "a computer scientist class traitor who sided with the management consultancy sect."

Zitron starts his story in 2019 when Google's ads team raised an alarm about the declining search revenue growth. In emails that were eventually released as part of the Department of Justice's antitrust case against Google, Jerry Dischler, then the VP and General Manager of Ads at Google, noted that search query growth was "significantly behind forecast," the "timing" of revenue launches was significantly behind, and he expressed a vague worry that "several advertiser-specific and sector weaknesses" existed in search.

What followed next was a corporate battle between the ads team, led by Raghavan, and the search team led by Ben Gomes, whom Zitron calls a hero, albeit one that was ultimately defeated.

The ads team was not interested in maintaining search quality and pushed to prioritize growth metrics. Gomes argued on behalf of the user experience and charged that "growth is all that Google was thinking about."

Raghavan won the philosophical argument and a little over a year later became the head of Search. After nearly 20 years of building Google Search, Gomes would be relegated to SVP of Education at Google, Zitron wrote. "Gomes, who was a critical part of the original team that made Google Search work, who has been credited with establishing the culture of the world's largest and most important search engine, was chased out by growth-hungry managerial types led by Prabhakar Raghavan, a management consultant wearing an engineer costume."

The Justice Department emails provide even more detail about this narrative arc, and Zitron urges readers to look them up. They "tell a dramatic story about how Google's finance and advertising teams, led by Raghavan with the blessing of CEO Sundar Pichai, actively worked to make Google worse to make the company more money."

This genius tool ensures flawless thermal paste application every time

Why it matters: Applying thermal paste is one of those PC building tasks that sounds simple in theory but can be a real pain in practice. You can try to be as careful as possible when spreading that little dollop of goo evenly across the CPU's heat spreader, but one wrong move and you end up with a mess or uneven coverage. Well, say goodbye to those worries with the genius X-Apply thermal paste applicator.

This "idiot-proof" tool is basically a big stencil that fits right over your CPU socket. Rather than applying paste directly to the CPU, you smear it across the stencil's surface. The stencil has a precise pattern of holes that allows the perfect amount of paste to pass through onto the heat spreader below in a flawless, even layer. It's such a simple idea it almost makes you wonder why no one came up with it before.

The brains behind X-Apply are the folks at DigitalBlizzard and renowned tech tester Igor Wallossek from Igor's Lab. After some collaboration and refinement, they've created a product that makes applying thermal paste a total breeze, even for first-time builders.

Wallossek put X-Apply to the test on an Intel Core i9-13900K running at a beefy 200W power level. Comparing its thermal performance to a conventional "sausage" pattern paste application, he found the X-Apply method kept things just a few degrees cooler on average. The average temperatures stood at 73°C with a 77°C peak using the stencil, compared to 75°C and 78°C without. Not a night and day difference, but an important improvement nonetheless, considering the sausage method was previously found to be the best thermal application technique.

More importantly, X-Apply eliminates the potential for uneven or incomplete paste coverage that can happen with manual application. Those bare spots on the heat spreader are a definite no-no for effective heat transfer.

While careful manual application can certainly get the job done for a single build, X-Apply shines for anyone building PCs en masse - whether that's system builders, enthusiasts frequently swapping CPUs, or overclockers constantly reapplying paste. Instead of painstakingly reapplying paste for the 100th time, just smear, peel, and you're good to go.

X-Apply films are not commercially available just yet, but they are coming soon in specific versions for the latest AMD AM5 and Intel LGA 1700/1800 sockets, as well as a universal "X-Apply X" that can be custom cut.

US investigators link Tesla Autopilot to dozens of deaths and almost 1,000 crashes

The big picture: Tesla vehicles are no stranger to controversy, with the company's Autopilot system being a major source of negative press. However, a recent report from US regulators renders the scale of Tesla Autopilot failures in hard numbers. The hundreds of crashes and dozens of deaths were primarily the result of drivers misunderstanding what "Autopilot" really means.

A newly published report from the National Highway Traffic Safety Administration (NHTSA) links Tesla's Autopilot systems to nearly 1,000 crashes from the last few years, over two dozen of them fatal. Most were caused by inattentive drivers who may have falsely believed that the company's driver assistance systems amounted to full-blown self-driving.

The investigation details 956 crashes between January 2018 and August 2023, resulting in well over 100 injuries and dozens of deaths. In many incidents, a crash occurred several seconds after the vehicle's Autopilot system detected an obstruction that it didn't know how to negotiate, ample time for an attentive driver to avoid an accident or minimize the damage suffered.

In one example from last year, a 2022 Model Y in Autopilot hit a minor stepping out of a school bus in North Carolina at "highway speeds." The victim suffered life-threatening injuries, and an examination revealed that an observant driver should have been able to avoid the accident.

Tesla's Autopilot functionality isn't a fully autonomous driving system. Defined as a Level 2 self-driving system, it simultaneously assists with actions like steering, braking, acceleration, lane centering, and adaptive cruise control. However, it still requires the driver to keep their eyes on the road and both hands on the steering wheel.

A 2022 study revealed that many drivers mistakenly believe that existing driver assistance functions like Tesla's Autopilot make cars fully autonomous. Mercedes-Benz recently became the first company to sell Level 3 vehicles in the US, which can become fully autonomous in limited scenarios. Still, the automaker's self-driving vehicles can only be used on certain California highways, during the daytime and in clear weather.

Inclement weather and challenging road conditions were behind some of the Tesla incidents in the NHTSA report. In 53 cases, the autosteering function failed when the car lost traction. In a further 55 episodes, drivers inadvertently activated manual override by using the steering wheel and almost immediately crashed because they believed Autopilot was still engaged.

Tesla has addressed prior Autopilot flaws with over-the-air updates, but perhaps it should focus on better communicating the feature's limits to users.

Gigabyte and MSI also provide BIOS settings to address Intel crashing CPUs

In context: Reviewers, CPU owners, and engineers have for the last several months endured stability issues related to several Intel 13th- and 14th-gen processors. Further investigation attributed the issues to the BIOS settings used by many Intel motherboard partners, which use "optimized" settings ignoring Intel's default maximum power limits. This week, Gigabyte and MSI joined Asus in providing additional BIOS versions and configurations aimed at alleviating these issues and adhering to Intel's power specifications.

Gigabyte's latest beta BIOS, announced on Friday, provides a new Intel Baseline feature on its Z790 and B760 series motherboards. According to the announcement, the new beta BIOS is designed to provide enhanced stability by eliminating the high power "optimized" settings thought to induce the instability associated with Intel's 13th- and 14th-generation i7 and i9 CPUs.

The new Gigabyte BIOS, which is available via the applicable motherboard product pages, provides access to the new Intel BaseLine power limit setting under the BIOS' Tweaker tab. According to the update's description, the new BIOS optimizes current excursion protection (CEP) and power settings, provides processor support and optimization for the i9-14900KS, updates the Intel APO (DTT) framework version to 9.0.11405.42569, and adds the Intel BaseLine turbo power limits for the 13th- and 14th-gen K-series CPUs.

On Thursday, MSI provided its own workaround to alleviate the ongoing stability issues. Rather than releasing an updated BIOS, MSI instead provided a how-to guide describing how users can leverage existing BIOS features to restore Intel's recommended power and current limits.

MSI users running Core i9-13900K and Core i9-14900K processors can easily restore Intel-recommended default power limits through the BIOS' OC panel and CPU Cooler Tuning setting. Rather than defaulting to optimized BIOS settings allowing maximum power draw, MSI's Boxed Cooler option limits the CPU to a much more modest 253W. Users can also select the Intel Default option in the MSI BIOS' CPU Lite Load Control. According to MSI, while these lower default settings may increase stability, they could also result in an increase in the processor's voltage.

The updates from Gigabyte and MSI are similar to the firmware updates released by Asus earlier this week. Intel is continuing to work closely with its board partners to further identify the cause of the issue and potential solutions. While reducing power and overall performance may not be ideal, it certainly beats sitting in front of your high-end PC and wondering if it's going to hold out or crash mid-game.