Is it just me, or does the inclusion of a Microsoft Pluton HSM (and of course the AMD PSP) inside the SoC make this a no-go for security critical stuff?
I'm sure systems vendors will love putting these in Windows laptops (a growing market with a bright future, I'm sure) but I can't imagine hackers having much use for these things.
> Another cool use of low power, always-on DSPs is using ultrasound sonar to detect humans. AMD’s ultrasound runs at above 20 KHz but below 35 KHz, letting it get through the microphone and speaker’s band pass filters. Then, it can use Doppler shift to distinguish human movement from static objects in the same way that a look-down radar filters out ground clutter.
This chip sounds pretty creepy, although I doubt it'll be possible to escape from this sort of thing. The US spies will be loving these feature trends.
This will be torture for dogs. It is like a 5 kHz tone for humans.
All laptops with a 5 kHz tone would be returned as defective. In the 90s, hard drives often had a 7200 Hz whine which was enormously annoying. Today's hard drives are silent compared to the old ones.
I agree it could be torture for all sorts of creatures, including small humans.
But whether anything is bothered by the sound depends on the energy level and other characteristics. Spread spectrum ultrasound sonar below the local noise floor may be technically feasible, though perhaps not with regular laptop speakers and audio circuitry.
Dogs survived CRT monitors and TVs, so I'd assume their behaviour would be known in that instance.
I'm unlucky enough to hear 15 kHz, and you'd easily hear any TVs turned on two storeys away. CRT ultrasounds used to be unbearably, migraine-inducing loud.
I assume laptop speakers wouldn't be anywhere as bad.
I was just reading about the use of this and the company it looks like these are from (mobile so I don't have the name handy, but it looks like Lenovo T14 g4 uses it). One of the "features" is to auto lock the machine and another is for auto monitor finding, so it can lay out the desktop magically based on where it thinks monitors are relative to the laptop. Kinda neat. I'm not sure how it'll work for most offices based on the demos though. It looked like it could just decide if a monitor was right or left, but most monitors are above AND right/left on mounts.
Documentation may be feared since it could be used to attack the Xbox or Surface devices' security. Plus their documentation mode has been moving to "make the customer do it" with their GitHub docs - at a conference they were giving away swag to people who would write articles for them.
Microsoft has a long history of refusing to document stuff. They also have a long history of being evil, so it's probably not interesting for them to document it to seem less evil.
It really depends on how you define and measure security. A Windows install's attack surface is massive with tons of legacy crap there for backwards compatibility that is very hard to secure properly. Having a TPM and hardware attestation can only get you so far.
A random Linux distribution can be a very minimal one, and can have sandboxing too, which is what I presume you equate to security.
I define security by actually taking the steps to make it happen.
Linux sandboxing isn't on the same level as Windows 11 Professional, as it doesn't do user space drivers for most stuff, runs drivers in their own sandbox and has critical kernel components running on their own sandbox.
All coupled with hardware attestation zones via TPM, SGX and now Pluton.
> Linux sandboxing isn't on the same level as Windows 11 Professional, as it doesn't do user space drivers for most stuff, runs drivers in their own sandbox and has critical kernel components running on their own sandbox.
Nothing except the last part you said about Windows 11 is true. And the only "critical kernel component" which as of today by default runs on its own sandbox is the protected media path, aka DRM. Anything that could even be remotely interesting is not available on the Pro edition.
It's funny that there are two people in this comment thread praising Windows' security, and both are aggressively antagonistic for no reason.
Considering Microsoft's general security posture (e.g. check the number of critical cross-tenant and trivial to exploit security issues in Azure - which is unique among cloud providers in their number, criticality and triviality), I wouldn't trust them in the slightest. I know Azure and Windows are different business units, but if nobody in Azure cares about reliability or security, as is obviously the case, I severely doubt that's an organisation that puts emphasis on either.
Also in recent times the biggest DDoS attacks are done by Linux-based botnets. Typically the botnet operators use SSH brute forcing to infect everything from IoT devices to big servers.
However Linux is not to blame that it's used in idiotic IoT and server configurations.
That's extremely vague. The CVE database is a spectacularly terrible thing to use to try and assess comparative "security" because there are so so many things social, organizational and cultural that affect whether and how an issue gets discovered, reported (or hushed up), appropriately scored (almost a nonsense in itself), or has interaction with other components taken into account. For instance it is 100% routine to register any buffer overflow as a CVE, even cases which will always be stopped by compiler hardening flags or OS hardening features.
This sort of citation or "research" is not remotely what the CVE database is for.
Then don't put an irrelevant citation if you don't want to play the game.
One is peer reviewed, another isn't, so it's like comparing results from a self-reported against an academically measured study.
The availability of Windows source for partners is nothing compared to how many educated eyes are on the Linux source at a given moment.
Of course none of this matters because the BSDs are more secure than both but they wouldn't pick them over Windows IRL anyways. Why Windows is preferred is a matter of business and not technology. This is a long topic and if you were in Usenet advocacies you know what it's all about. Support, logistics, number of trained people in the market, certifications, so on and so forth. Linux doesn't have an easy fight there.