copilot+ PC

ifixit-says-new-arm-surface-hardware-“puts-repair-front-and-center”

iFixit says new Arm Surface hardware “puts repair front and center”

copilot+ PC, microsoft, Microsoft Surface, qualcomm, snapdragon x elite, Tech, Windows 11, windows 11 24h2, windows on arm / /

how things have changed —

Both devices make it relatively easy to get at the battery and SSD.

Microsoft's 11th-edition Surface Pro, as exploded by iFixit. Despite adhesive holding in the screen and the fact that you need to remove the heatsink to get at the battery, it's still much more repairable than past Surfaces or competing tablets.

Enlarge / Microsoft’s 11th-edition Surface Pro, as exploded by iFixit. Despite adhesive holding in the screen and the fact that you need to remove the heatsink to get at the battery, it’s still much more repairable than past Surfaces or competing tablets.

For a long time, Microsoft’s Surface hardware was difficult-to-impossible to open and repair, and devices as recent as 2019’s Surface Pro 7 still managed a repairability score of just 1 out of 10 on iFixit’s scale. 2017’s original Surface Laptop needed to be physically sliced apart to access its internals, making it essentially impossible to try to fix the machine without destroying it.

But in recent years, partly due to pressure from shareholders and others, Microsoft has made an earnest effort to improve the repairability of its devices. The company has published detailed repair manuals and videos and has made changes to its hardware designs over the years to make it easier to open them without breaking them and easier to replace parts once you’re inside. Microsoft also sells some first-party parts for repairs, though not every part from every Surface is available, and Microsoft and iFixit have partnered to offer other parts as well.

Now, iFixit has torn apart the most recent Snapdragon X-powered Surface Pro and Surface Laptop devices and has mostly high praise for both devices in its preliminary teardown video. Both devices earn an 8 out of 10 on iFixit’s repairability scale, thanks to Microsoft’s first-party service manuals, the relative ease with which both devices can be opened, and clearly labeled internal components.

Beneath the Surface

To open the Surface Laptop, iFixit says you only need to undo four screws, hidden beneath the laptop’s rubber feet; at that point, the bottom of the machine is only attached by magnets, rather than breakable retention clips. Opening the bottom of the laptop provides easy access to the battery and an M.2 2232 SSD. Labels inside the device indicate which screws need to be removed to replace which parts, and what kind of screwdriver you’ll need to do the job; scannable barcodes also make it easier to find repair manuals and parts on Microsoft’s site. Most other parts are easy to remove and replace once the bottom of the laptop is off.

The Surface Pro’s best repairability feature remains its easily accessible M.2 2232 SSD, present under a pop-off cover on the back of the tablet. From there, things get more difficult—accessing the battery and other components requires removing the screen, which is still held in place with adhesive rather than screws or magnets. This adhesive needs to be removed—iFixit cut it away with a thin plastic tool, and closing the tablet back up securely would likely require new adhesive to be applied. Once inside, the parts and screws are still labeled clearly, but you do need to remove the entire heatsink before you can replace the battery.

iFixit uses slightly different criteria for evaluating the repairability of laptops and tablets since tablets are more tightly integrated devices. So despite the identical repairability scores, the Surface Pro remains slightly more difficult to open and fix than the laptop; iFixit is just comparing it to devices like the iPad Air and Pro rather than other PC laptops, and the Surface Pro still looks better than other tablets by comparison despite the use of adhesive.

The teardown video didn’t detail exactly why iFixit knocked points off of each device’s repairability score, though iFixit took note of the soldered-down non-upgradeable RAM and Wi-Fi/Bluetooth modules. Both devices also use way more screws and clips than something like the Framework Laptop, which could also be a factor.

We’ve been using the new Snapdragon-powered Surface devices for a few days now, and we’ll have more thoughts to share about the hardware and its performance in the coming days.

iFixit says new Arm Surface hardware “puts repair front and center” Read More »

windows-11-24h2-is-released-to-the-public-but-only-on-copilot+-pcs-(for-now)

Windows 11 24H2 is released to the public but only on Copilot+ PCs (for now)

AI, copilot+ PC, Tech, Windows 11, windows 11 24h2 / /

24h2 for some —

The rest of the Windows 11 ecosystem will get the new update this fall.

Windows 11 24H2 is released to the public but only on Copilot+ PCs (for now)

Microsoft

For the vast majority of compatible PCs, Microsoft’s Windows 11 24H2 update still isn’t officially available as anything other than a preview (a revised version of the update is available to Windows Insiders again after briefly being pulled early last week). But Microsoft and most of the other big PC companies are releasing their first wave of Copilot+ PCs with Snapdragon X-series chips in them today, and those PCs are all shipping with the 24H2 update already installed.

For now, this means a bifurcated Windows 11 install base: one (the vast majority) that’s still mostly on version 23H2 and one (a tiny, Arm-powered minority) that’s running 24H2.

Although Microsoft hasn’t been specific about its release plans for Windows 11 24H2 to the wider user base, most PCs should still start getting the update later this fall. The Copilot+ parts won’t run on those current PCs, but they’ll still get new features and benefit from Microsoft’s work on the operating system’s underpinnings.

The wider 24H2 update rollout will also likely enable the Copilot+ PC features on Intel and AMD PCs that meet the hardware requirements. That hardware will supposedly be available starting in July—at least, if AMD can hit its planned ship date for Ryzen AI chips—but neither Intel nor AMD seems to know exactly when the Copilot+ features will be enabled in software. Right now, the x86 version of Windows doesn’t even have hidden Copilot+ features that can be enabled with the right settings; they only seem to be included at all in the Arm version of the update.

Unfortunately for Microsoft, the Copilot+ PC program (and, to a lesser extent, the 24H2 update) has become mostly synonymous with the Recall screen recording feature. Microsoft revealed this feature to the public without first sending it through its normal Windows Insider testing program. As soon as security researchers and testers were able to dig into it, they immediately found security holes and privacy risks that could expose a user’s entire Recall database plus detailed screenshots of all their activity to anyone with access to the PC.

Microsoft initially announced that it would release a preview of Recall as scheduled on June 18 with additional security and privacy measures in place. Microsoft would also make the feature off-by-default instead of on-by-default. Shortly after that, the company delayed Recall altogether and committed to testing it publicly in Windows Insider builds like any other Windows feature. Microsoft says that Recall will return, at least to Copilot+ PCs, at some point “in the coming weeks.”

Aside from the Copilot+ generative AI features, which require extra RAM and storage and a PC with a sufficiently fast neural processing unit (NPU), the main Windows 11 system requirements aren’t changing for the 24H2 update. However, there are older unsupported PCs that could run previous Windows 11 versions that will no longer be able to boot 24H2 since it requires a slightly newer CPU to boot.

Windows 11 24H2 is released to the public but only on Copilot+ PCs (for now) Read More »

microsoft-delays-recall-again,-won’t-debut-it-with-new-copilot+-pcs-after-all

Microsoft delays Recall again, won’t debut it with new Copilot+ PCs after all

AI, copilot, copilot+ PC, microsoft, microsoft recall, recall, Tech, Windows 11, windows 11 24h2, windows recall / /

another setback —

Recall will go through Windows Insider pipeline like any other Windows feature.

Recall is part of Microsoft's Copilot+ PC program.

Enlarge / Recall is part of Microsoft’s Copilot+ PC program.

Microsoft

Microsoft will be delaying its controversial Recall feature again, according to an updated blog post by Windows and Devices VP Pavan Davuluri. And when the feature does return “in the coming weeks,” Davuluri writes, it will be as a preview available to PCs in the Windows Insider Program, the same public testing and validation pipeline that all other Windows features usually go through before being released to the general populace.

Recall is a new Windows 11 AI feature that will be available on PCs that meet the company’s requirements for its “Copilot+ PC” program. Copilot+ PCs need at least 16GB of RAM, 256GB of storage, and a neural processing unit (NPU) capable of at least 40 trillion operations per second (TOPS). The first (and for a few months, only) PCs that will meet this requirement are all using Qualcomm’s Snapdragon X Plus and X Elite Arm chips, with compatible Intel and AMD processors following later this year. Copilot+ PCs ship with other generative AI features, too, but Recall’s widely publicized security problems have sucked most of the oxygen out of the room so far.

The Windows Insider preview of Recall will still require a PC that meets the Copilot+ requirements, though third-party scripts may be able to turn on Recall for PCs without the necessary hardware. We’ll know more when Recall makes its reappearance.

Why Recall was recalled

Recall works by periodically capturing screenshots of your PC and saving them to disk, and scanning those screenshots with OCR to make a big searchable text database that can help you find anything you had previously viewed on your PC.

The main problem, as we confirmed with our own testing, was that all of this was saved to disk with no additional encryption or other protection and was easily viewable and copyable by pretty much any user (or attacker) with access to the PC. Recall was also going to be enabled by default on Copilot+ PCs despite being a “preview,” meaning that users who didn’t touch the default settings were going to have all of this data recorded by default.

This was the version of Recall that was initially meant to ship out to reviewers this week on the first wave of Copilot+ PCs from Microsoft and other PC companies. After security researcher Kevin Beaumont publicized these security holes in that version of Recall, the company promised to add additional encryption and authentication protections and to disable Recall by default. These tweaks would have gone out as an update to the first shipments of Copilot+ PCs on June 18 (reviewers also wouldn’t get systems before June 18, a sign of how much Microsoft was rushing behind the scenes to implement these changes). Now Recall is being pushed back again.

A report from Windows Central claims that Recall was developed “in secret” and that it wasn’t even distributed widely within Microsoft before it was announced, which could explain why these security issues weren’t flagged and fixed before the feature showed up in a publicly available version of Windows.

Microsoft’s Recall delay follows Microsoft President Brad Smith’s testimony to Congress during a House Committee on Homeland Security hearing about the company’s “cascade of security failures” in recent months. Among other things, Smith said that Microsoft would commit to prioritizing security issues over new AI-powered features as part of the company’s recently announced Secure Future Initiative (SFI). Microsoft has also hired additional security personnel and tied executive pay to meeting security goals.

“If you’re faced with the tradeoff between security and another priority, your answer is clear: Do security,” wrote Microsoft CEO Satya Nadella in an internal memo about the SFI announcement. “In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems.”

Recall has managed to tie together all the big Windows and Microsoft stories from the last year or two: the company’s all-consuming push to quickly release generative AI features, its security failures and subsequent promises to do better, and the general degradation of the Windows 11 user interface with unwanted apps, ads, reminders, account sign-in requirements, and other cruft.

Microsoft delays Recall again, won’t debut it with new Copilot+ PCs after all Read More »

windows-recall-demands-an-extraordinary-level-of-trust-that-microsoft-hasn’t-earned

Windows Recall demands an extraordinary level of trust that Microsoft hasn’t earned

AI, copilot, copilot+ PC, Features, microsoft, NPU, Tech, Windows, Windows 11, windows 11 24h2 / /
The Recall feature as it currently exists in Windows 11 24H2 preview builds.

Enlarge / The Recall feature as it currently exists in Windows 11 24H2 preview builds.

Andrew Cunningham

Microsoft’s Windows 11 Copilot+ PCs come with quite a few new AI and machine learning-driven features, but the tentpole is Recall. Described by Microsoft as a comprehensive record of everything you do on your PC, the feature is pitched as a way to help users remember where they’ve been and to provide Windows extra contextual information that can help it better understand requests from and meet the needs of individual users.

This, as many users in infosec communities on social media immediately pointed out, sounds like a potential security nightmare. That’s doubly true because Microsoft says that by default, Recall’s screenshots take no pains to redact sensitive information, from usernames and passwords to health care information to NSFW site visits. By default, on a PC with 256GB of storage, Recall can store a couple dozen gigabytes of data across three months of PC usage, a huge amount of personal data.

The line between “potential security nightmare” and “actual security nightmare” is at least partly about the implementation, and Microsoft has been saying things that are at least superficially reassuring. Copilot+ PCs are required to have a fast neural processing unit (NPU) so that processing can be performed locally rather than sending data to the cloud; local snapshots are protected at rest by Windows’ disk encryption technologies, which are generally on by default if you’ve signed into a Microsoft account; neither Microsoft nor other users on the PC are supposed to be able to access any particular user’s Recall snapshots; and users can choose to exclude apps or (in most browsers) individual websites to exclude from Recall’s snapshots.

This all sounds good in theory, but some users are beginning to use Recall now that the Windows 11 24H2 update is available in preview form, and the actual implementation has serious problems.

“Fundamentally breaks the promise of security in Windows”

This is Recall, as seen on a PC running a preview build of Windows 11 24H2. It takes and saves periodic screenshots, which can then be searched for and viewed in various ways.

Enlarge / This is Recall, as seen on a PC running a preview build of Windows 11 24H2. It takes and saves periodic screenshots, which can then be searched for and viewed in various ways.

Andrew Cunningham

Security researcher Kevin Beaumont, first in a thread on Mastodon and later in a more detailed blog post, has written about some of the potential implementation issues after enabling Recall on an unsupported system (which is currently the only way to try Recall since Copilot+ PCs that officially support the feature won’t ship until later this month). We’ve also given this early version of Recall a try on a Windows Dev Kit 2023, which we’ve used for all our recent Windows-on-Arm testing, and we’ve independently verified Beaumont’s claims about how easy it is to find and view raw Recall data once you have access to a user’s PC.

To test Recall yourself, developer and Windows enthusiast Albacore has published a tool called AmperageKit that will enable it on Arm-based Windows PCs running Windows 11 24H2 build 26100.712 (the build currently available in the Windows Insider Release Preview channel). Other Windows 11 24H2 versions are missing the underlying code necessary to enable Recall.

  • Windows uses OCR on all the text in all the screenshots it takes. That text is also saved to an SQLite database to facilitate faster searches.

    Andrew Cunningham

  • Searching for “iCloud,” for example, brings up every single screenshot with the word “iCloud” in it, including the app itself and its entry in the Microsoft Store. If I had visited websites that mentioned it, they would show up here, too.

    Andrew Cunningham

The short version is this: In its current form, Recall takes screenshots and uses OCR to grab the information on your screen; it then writes the contents of windows plus records of different user interactions in a locally stored SQLite database to track your activity. Data is stored on a per-app basis, presumably to make it easier for Microsoft’s app-exclusion feature to work. Beaumont says “several days” of data amounted to a database around 90KB in size. In our usage, screenshots taken by Recall on a PC with a 2560×1440 screen come in at 500KB or 600KB apiece (Recall saves screenshots at your PC’s native resolution, minus the taskbar area).

Recall works locally thanks to Azure AI code that runs on your device, and it works without Internet connectivity and without a Microsoft account. Data is encrypted at rest, sort of, at least insofar as your entire drive is generally encrypted when your PC is either signed into a Microsoft account or has Bitlocker turned on. But in its current form, Beaumont says Recall has “gaps you can drive a plane through” that make it trivially easy to grab and scan through a user’s Recall database if you either (1) have local access to the machine and can log into any account (not just the account of the user whose database you’re trying to see), or (2) are using a PC infected with some kind of info-stealer virus that can quickly transfer the SQLite database to another system.

Windows Recall demands an extraordinary level of trust that Microsoft hasn’t earned Read More »

intel-details-new-lunar-lake-cpus-that-will-go-up-against-amd,-qualcomm,-and-apple

Intel details new Lunar Lake CPUs that will go up against AMD, Qualcomm, and Apple

copilot+ PC, intel, intel core, lunar lake, meteor lake, NPU, Tech / /

more lakes —

Lunar Lake returns to a more conventional-looking design for Intel.

A high-level breakdown of Intel's next-gen Lunar Lake chips, which preserve some of Meteor Lake's changes while reverting others.

Enlarge / A high-level breakdown of Intel’s next-gen Lunar Lake chips, which preserve some of Meteor Lake’s changes while reverting others.

Intel

Given its recent manufacturing troubles, a resurgent AMD, an incursion from Qualcomm, and Apple’s shift from customer to competitor, it’s been a rough few years for Intel’s processors. Computer buyers have more viable options than they have in many years, and in many ways the company’s Meteor Lake architecture was more interesting as a technical achievement than it was as an upgrade for previous-generation Raptor Lake processors.

But even given all of that, Intel still provides the vast majority of PC CPUs—nearly four-fifths of all computer CPUs sold are Intel’s, according to recent analyst estimates from Canalys. The company still casts a long shadow, and what it does still helps set the pace for the rest of the industry.

Enter its next-generation CPU architecture, codenamed Lunar Lake. We’ve known about Lunar Lake for a while—Intel reminded everyone it was coming when Qualcomm upstaged it during Microsoft’s Copilot+ PC reveal—but this month at Computex the company is going into more detail ahead of availability sometime in Q3 of 2024.

Lunar Lake will be Intel’s first processor with a neural processing unit (NPU) that meets Microsoft’s Copilot+ PC requirements. But looking beyond the endless flow of AI news, it also includes upgraded architectures for its P-cores and E-cores, a next-generation GPU architecture, and some packaging changes that simultaneously build on and revert many of the dramatic changes Intel made for Meteor Lake.

Intel didn’t have more information to share on Arrow Lake, the architecture that will bring Meteor Lake’s big changes to socketed desktop motherboards for the first time. But Intel says that Arrow Lake is still on track for release in Q4 of 2024, and it could be announced at Intel’s annual Innovation event in late September.

Building on Meteor Lake

Lunar Lake continues to use a mix of P-cores and E-cores, which allow the chip to handle a mix of low-intensity and high-performance workloads without using more power than necessary.

Enlarge / Lunar Lake continues to use a mix of P-cores and E-cores, which allow the chip to handle a mix of low-intensity and high-performance workloads without using more power than necessary.

Intel

Lunar Lake shares a few things in common with Meteor Lake, including a chiplet-based design that combines multiple silicon dies into one big one with Intel’s Foveros packaging technology. But in some ways Lunar Lake is simpler and less weird than Meteor Lake, with fewer chiplets and a more conventional design.

Meteor Lake’s components were spread across four tiles: a compute tile that was mainly for the CPU cores, a TSMC-manufactured graphics tile for the GPU rendering hardware, an IO tile to handle things like PCI Express and Thunderbolt connectivity, and a grab-bag “SoC” tile with a couple of additional CPU cores, the media encoding and decoding engine, display connectivity, and the NPU.

Lunar Lake only has two functional tiles, plus a small “filler tile” that seems to exist solely so that the Lunar Lake silicon die can be a perfect rectangle once it’s all packaged together. The compute tile combines all of the processor’s P-cores and E-cores, the GPU, the NPU, the display outputs, and the media encoding and decoding engine. And the platform controller tile handles wired and wireless connectivity, including PCIe and USB, Thunderbolt 4, and Wi-Fi 7 and Bluetooth 5.4.

This is essentially the same split that Intel has used for laptop chips for years and years: one chipset die and one die for the CPU, GPU, and everything else. It’s just that now, those two chips are part of the same silicon die, rather than separate dies on the same processor package. In retrospect it seems like some of Meteor Lake’s most noticeable design departures—the division of GPU-related functions among different tiles, the presence of additional CPU cores inside of the SoC tile—were things Intel had to do to work around the fact that another company was actually manufacturing most of the GPU. Given the opportunity, Intel has returned to a more recognizable assemblage of components.

Intel is shifting to on-package RAM for Meteor Lake, something Apple also uses for its M-series chips.

Enlarge / Intel is shifting to on-package RAM for Meteor Lake, something Apple also uses for its M-series chips.

Intel

Another big packaging change is that Intel is integrating RAM into the CPU package for Lunar Lake, rather than having it installed separately on the motherboard. Intel says this uses 40 percent less power, since it shortens the distance data needs to travel. It also saves motherboard space, which can either be used for other components, to make systems smaller, or to make more room for battery. Apple also uses on-package memory for its M-series chips.

Intel says that Lunar Lake chips can include up to 32GB of LPDDR5x memory. The downside is that this on-package memory precludes the usage of separate Compression-Attached Memory Modules, which combine many of the benefits of traditional upgradable DIMM modules and soldered-down laptop memory.

Intel details new Lunar Lake CPUs that will go up against AMD, Qualcomm, and Apple Read More »