NPU

Windows Recall demands an extraordinary level of trust that Microsoft hasn’t earned

The Recall feature as it currently exists in Windows 11 24H2 preview builds.

Andrew Cunningham

Microsoft’s Windows 11 Copilot+ PCs come with quite a few new AI and machine learning-driven features, but the tentpole is Recall. Described by Microsoft as a comprehensive record of everything you do on your PC, the feature is pitched as a way to help users remember where they’ve been and to provide Windows extra contextual information that can help it better understand requests from and meet the needs of individual users.

This, as many users in infosec communities on social media immediately pointed out, sounds like a potential security nightmare. That’s doubly true because Microsoft says that by default, Recall’s screenshots take no pains to redact sensitive information, from usernames and passwords to health care information to NSFW site visits. By default, on a PC with 256GB of storage, Recall can store a couple dozen gigabytes of data across three months of PC usage, a huge amount of personal data.

The line between “potential security nightmare” and “actual security nightmare” is at least partly about the implementation, and Microsoft has been saying things that are at least superficially reassuring. Copilot+ PCs are required to have a fast neural processing unit (NPU) so that processing can be performed locally rather than sending data to the cloud; local snapshots are protected at rest by Windows’ disk encryption technologies, which are generally on by default if you’ve signed into a Microsoft account; neither Microsoft nor other users on the PC are supposed to be able to access any particular user’s Recall snapshots; and users can choose to exclude apps or (in most browsers) individual websites from Recall’s snapshots.

This all sounds good in theory, but some users are beginning to use Recall now that the Windows 11 24H2 update is available in preview form, and the actual implementation has serious problems.

“Fundamentally breaks the promise of security in Windows”

This is Recall, as seen on a PC running a preview build of Windows 11 24H2. It takes and saves periodic screenshots, which can then be searched for and viewed in various ways.

Andrew Cunningham

Security researcher Kevin Beaumont, first in a thread on Mastodon and later in a more detailed blog post, has written about some of the potential implementation issues after enabling Recall on an unsupported system (which is currently the only way to try Recall since Copilot+ PCs that officially support the feature won’t ship until later this month). We’ve also given this early version of Recall a try on a Windows Dev Kit 2023, which we’ve used for all our recent Windows-on-Arm testing, and we’ve independently verified Beaumont’s claims about how easy it is to find and view raw Recall data once you have access to a user’s PC.

To test Recall yourself, developer and Windows enthusiast Albacore has published a tool called AmperageKit that will enable it on Arm-based Windows PCs running Windows 11 24H2 build 26100.712 (the build currently available in the Windows Insider Release Preview channel). Other Windows 11 24H2 versions are missing the underlying code necessary to enable Recall.

  • Windows uses OCR on all the text in all the screenshots it takes. That text is also saved to an SQLite database to facilitate faster searches.

    Andrew Cunningham

  • Searching for “iCloud,” for example, brings up every single screenshot with the word “iCloud” in it, including the app itself and its entry in the Microsoft Store. If I had visited websites that mentioned it, they would show up here, too.

    Andrew Cunningham

The short version is this: In its current form, Recall takes screenshots and uses OCR to grab the information on your screen; it then writes the contents of windows plus records of different user interactions in a locally stored SQLite database to track your activity. Data is stored on a per-app basis, presumably to make it easier for Microsoft’s app-exclusion feature to work. Beaumont says “several days” of data amounted to a database around 90KB in size. In our usage, screenshots taken by Recall on a PC with a 2560×1440 screen come in at 500KB or 600KB apiece (Recall saves screenshots at your PC’s native resolution, minus the taskbar area).

Recall works locally thanks to Azure AI code that runs on your device, and it works without Internet connectivity and without a Microsoft account. Data is encrypted at rest, sort of, at least insofar as your entire drive is generally encrypted when your PC is either signed into a Microsoft account or has BitLocker turned on. But in its current form, Beaumont says Recall has “gaps you can drive a plane through” that make it trivially easy to grab and scan through a user’s Recall database if you either (1) have local access to the machine and can log into any account (not just the account of the user whose database you’re trying to see), or (2) are using a PC infected with some kind of info-stealer virus that can quickly transfer the SQLite database to another system.

Intel details new Lunar Lake CPUs that will go up against AMD, Qualcomm, and Apple

more lakes —

Lunar Lake returns to a more conventional-looking design for Intel.

A high-level breakdown of Intel's next-gen Lunar Lake chips, which preserve some of Meteor Lake's changes while reverting others.

Intel

Given its recent manufacturing troubles, a resurgent AMD, an incursion from Qualcomm, and Apple’s shift from customer to competitor, it’s been a rough few years for Intel’s processors. Computer buyers have more viable options than they have in many years, and in many ways the company’s Meteor Lake architecture was more interesting as a technical achievement than it was as an upgrade for previous-generation Raptor Lake processors.

But even given all of that, Intel still provides the vast majority of PC CPUs—nearly four-fifths of all computer CPUs sold are Intel’s, according to recent analyst estimates from Canalys. The company still casts a long shadow, and what it does still helps set the pace for the rest of the industry.

Enter its next-generation CPU architecture, codenamed Lunar Lake. We’ve known about Lunar Lake for a while—Intel reminded everyone it was coming when Qualcomm upstaged it during Microsoft’s Copilot+ PC reveal—but this month at Computex the company is going into more detail ahead of availability sometime in Q3 of 2024.

Lunar Lake will be Intel’s first processor with a neural processing unit (NPU) that meets Microsoft’s Copilot+ PC requirements. But looking beyond the endless flow of AI news, it also includes upgraded architectures for its P-cores and E-cores, a next-generation GPU architecture, and some packaging changes that simultaneously build on and revert many of the dramatic changes Intel made for Meteor Lake.

Intel didn’t have more information to share on Arrow Lake, the architecture that will bring Meteor Lake’s big changes to socketed desktop motherboards for the first time. But Intel says that Arrow Lake is still on track for release in Q4 of 2024, and it could be announced at Intel’s annual Innovation event in late September.

Building on Meteor Lake

Lunar Lake continues to use a mix of P-cores and E-cores, which allow the chip to handle a mix of low-intensity and high-performance workloads without using more power than necessary.

Intel

Lunar Lake shares a few things in common with Meteor Lake, including a chiplet-based design that combines multiple silicon dies into one big one with Intel’s Foveros packaging technology. But in some ways Lunar Lake is simpler and less weird than Meteor Lake, with fewer chiplets and a more conventional design.

Meteor Lake’s components were spread across four tiles: a compute tile that was mainly for the CPU cores, a TSMC-manufactured graphics tile for the GPU rendering hardware, an IO tile to handle things like PCI Express and Thunderbolt connectivity, and a grab-bag “SoC” tile with a couple of additional CPU cores, the media encoding and decoding engine, display connectivity, and the NPU.

Lunar Lake only has two functional tiles, plus a small “filler tile” that seems to exist solely so that the Lunar Lake silicon die can be a perfect rectangle once it’s all packaged together. The compute tile combines all of the processor’s P-cores and E-cores, the GPU, the NPU, the display outputs, and the media encoding and decoding engine. And the platform controller tile handles wired and wireless connectivity, including PCIe and USB, Thunderbolt 4, and Wi-Fi 7 and Bluetooth 5.4.

This is essentially the same split that Intel has used for laptop chips for years and years: one chipset die and one die for the CPU, GPU, and everything else. It’s just that now, those two chips are part of the same silicon die, rather than separate dies on the same processor package. In retrospect it seems like some of Meteor Lake’s most noticeable design departures—the division of GPU-related functions among different tiles, the presence of additional CPU cores inside of the SoC tile—were things Intel had to do to work around the fact that another company was actually manufacturing most of the GPU. Given the opportunity, Intel has returned to a more recognizable assemblage of components.

Intel is shifting to on-package RAM for Meteor Lake, something Apple also uses for its M-series chips.

Intel

Another big packaging change is that Intel is integrating RAM into the CPU package for Lunar Lake, rather than having it installed separately on the motherboard. Intel says this uses 40 percent less power, since it shortens the distance data needs to travel. It also saves motherboard space, which can either be used for other components, to make systems smaller, or to make more room for battery. Apple also uses on-package memory for its M-series chips.

Intel says that Lunar Lake chips can include up to 32GB of LPDDR5x memory. The downside is that this on-package memory precludes the usage of separate Compression-Attached Memory Modules, which combine many of the benefits of traditional upgradable DIMM modules and soldered-down laptop memory.

Your current PC probably doesn’t have an AI processor, but your next one might

Intel's Core Ultra chips are some of the first x86 PC processors to include built-in NPUs. Software support will slowly follow.

Intel

When it announced the new Copilot key for PC keyboards last month, Microsoft declared 2024 “the year of the AI PC.” On one level, this is just an aspirational PR-friendly proclamation, meant to show investors that Microsoft intends to keep pushing the AI hype cycle that has put it in competition with Apple for the title of most valuable publicly traded company.

But on a technical level, it is true that PCs made and sold in 2024 and beyond will generally include AI and machine-learning processing capabilities that older PCs don’t. The main thing is the neural processing unit (NPU), a specialized block on recent high-end Intel and AMD CPUs that can accelerate some kinds of generative AI and machine-learning workloads more quickly (or while using less power) than the CPU or GPU could.

Qualcomm’s Windows PCs were some of the first to include an NPU, since the Arm processors used in most smartphones have included some kind of machine-learning acceleration for a few years now (Apple’s M-series chips for Macs all have them, too, going all the way back to 2020’s M1). But the Arm version of Windows is an insignificantly tiny sliver of the entire PC market; x86 PCs with Intel’s Core Ultra chips, AMD’s Ryzen 7040/8040-series laptop CPUs, or the Ryzen 8000G desktop CPUs will be many mainstream PC users’ first exposure to this kind of hardware.

Right now, even if your PC has an NPU in it, Windows can’t use it for much, aside from webcam background blurring and a handful of other video effects. But that’s slowly going to change, and part of that will be making it relatively easy for developers to create NPU-agnostic apps in the same way that PC game developers currently make GPU-agnostic games.

The gaming example is instructive, because that’s basically how Microsoft is approaching DirectML, its API for machine-learning operations. Though up until now it has mostly been used to run these AI workloads on GPUs, Microsoft announced last week that it was adding DirectML support for Intel’s Meteor Lake NPUs in a developer preview, starting in DirectML 1.13.1 and ONNX Runtime 1.17.

Though it will only run an unspecified “subset of machine learning models that have been targeted for support,” and some “may not run at all or may have high latency or low accuracy,” it opens the door for more third-party apps to start taking advantage of built-in NPUs. Intel says that Samsung is using Intel’s NPU and DirectML for facial recognition features in its photo gallery app, something that Apple also uses its Neural Engine for in macOS and iOS.

The benefits can be substantial, compared to running those workloads on a GPU or CPU.

“The NPU, at least in Intel land, will largely be used for power efficiency reasons,” Intel Senior Director of Technical Marketing Robert Hallock told Ars in an interview about Meteor Lake’s capabilities. “Camera segmentation, this whole background blurring thing… moving that to the NPU saves about 30 to 50 percent power versus running it elsewhere.”

Intel and Microsoft are both working toward a model where NPUs are treated pretty much like GPUs are today: developers generally target DirectX rather than a specific graphics card manufacturer or GPU architecture, and new features, one-off bug fixes, and performance improvements can all be addressed via GPU driver updates. Some GPUs run specific games better than others, and developers can choose to spend more time optimizing for Nvidia cards or AMD cards, but generally the model is hardware agnostic.

Similarly, Intel is already offering GPU-style driver updates for its NPUs. And Hallock says that Windows already essentially recognizes the NPU as “a graphics card with no rendering capability.”
