Posts Tagged ‘microsoft’

Microsoft is Working with Mediatek on Project Sopris Secure WiFi MCU

April 5th, 2017 5 comments

There are serious security issues with the Internet of Things at all levels: hardware, software, network, and end-users. Microsoft Research NExT Operating Systems Technologies Group has been tasked with “exploring the goal of securing the vast number of low cost Internet connected devices coming online” with Project Sopris. They have shared their first technical report that identifies “seven properties of highly secure devices”, and describes their experiments towards designing microcontroller based prototype devices adapted from Mediatek MT7687 MIPS microcontroller, and exhibiting those seven properties.

Experimental Sopris Developer Board

The seven properties identifies by Microsoft team include:

  • Hardware-based Root of Trust – Unforgeable cryptographic keys generated and protected by hardware. Physical countermeasures resist side-channel attacks.
  • Small Trusted Computing Base – Private keys stored in a hardware-protected vault, inaccessible to software. Division of software into self-protecting layers.
  • Defense in Depth – Multiple mitigations applied against each threat. Countermeasures mitigate the consequences of a successful attack on any one vector.
  • Compartmentalization – Hardware-enforced barriers between software components prevent a breach in one from propagating to others.
  • Certificate-based Authentication – Signed certificate, proven by unforgeable cryptographic key, proves the device identity and authenticity.
  • Renewable Security – Renewal brings the device forward to a secure state and revokes compromised assets for known vulnerabilities or security breaches.
  • Failure Reporting – A software failure, such as a buffer overrun induced by an attacker probing security, is reported to cloud-based failure analysis system.

After noticing that most traditional MCUs lacks all of those 7 properties,  they decided to modify Mediatek MT7687 whose block diagram is shown below…

… and replaced the crypto engines and hardware RNG with what Microsoft calls “Pluton security subsystem”, added a memory management unit (MMU) to the CPU, as well as more on-die SRAM. One this was done, they integrated in the prototype picture in the picture at the top of this post.

Sopris WiFI MCU Block Diagram

So now we have a highly secure WiFi-enabled MCU. Since we are talking about security and WiFi, as a quick side node, it’s now possible to exploit Broadcom WiFi SoC security weaknesses to access the host operating systems in Android devices. This won’t affect Sopris MCU however.

Sopris development board is said to support the seven properties:

  • Hardware-based root of trust – device secrets are protected in the Pluton security subsystem.
  • Small trusted computing base – for most operations, the TCB for Sopris is isolated to the Pluton security subsystem.
  • Defense in depth – between the upgraded CPU and the Pluton security system up to seven layers of defense are supported in Sopris.
  • Compartmentalization – for example, separate compartments can be implemented using isolated address spaces enabled by the upgraded CPU.
  • Certificate-based authentication –  for example, private keys stored in the Pluton security subsystem can form the basis of a secure per-device certificate chain.
  • Renewable security – for example, a software stack running on Sopris can use the multiple layers of hardware-protected defense in depth to implement renewable
  • Failure reporting – for example, failure handling code that runs on the Sopris can collect data about failures and relay that information to a failure analysis service through Wi-Fi.

Going forward, Microsoft researchers plans to package Sopris into a simple device board design with software that can be shared with researchers and security experts across academia and industry.

Via EENews Europe

Report: Linux Cannot Be Installed on Microsoft Signature Edition PCs, Laptops and Tablets

September 21st, 2016 21 comments

Microsoft Signature program is designed to make sure certified devices offer the best possible experience for users, as they can not come with bloatware, include Windows Defender, and must meet strict hardware requirements. However according to a Phoronix report, “providing the best possible user experience” also includes blocking installation of alternative operating systems such as Ubuntu, Debian, or other Linux distributions.

microsoft-signature-edition-no-linuxThe issue was discovered by rijesh who attempted to install Ubuntu 16.04 on his Microsoft Signature Edition Lenovo Yoga 900 13-ISK2 laptop, and noticed that while the BIOS and Windows 10 could see his 512 GB hard drive, Ubuntu was unable to find it, and a customer support representative answered that:

This system has a Signature Edition of Windows 10 Home installed. It is locked per our agreement with Microsoft.

Another user reports having successfully installed Ubuntu 16.04 on his Lenovo YOGA 900-13ISK, so the devil is in the details. At the beginning, several users thought that Ubuntu was actually the culprit, as some speculated it might support the very latest hardware…

Anyway if you want to avoid that issue, and have control over which operating system to install on your hardware, Microsoft has a list of devices not to buy prepared just for you…

[Update: Microsoft and Lenovo now claim it was not intentional]

Large American Technology Companies Abusive Practices Against Bloggers

September 10th, 2016 53 comments

OK the title might be a little over of the top, but within the last month or so, I’ve been a “victim” of three American companies’ requests, via third parties, namely their customers or technology partners, never directly, to delete or amend the content of this blog. One which I believe is justified albeit not really necessary, and two are just ridiculous, with the latest one prompting me to write this post.


The first issue was about a post entitled “Allwinner A64 based Pine A64 and Banana Pi M64 Boards Can Now Run Windows 10 IoT Core“, where I shared .ffu firmware file links that I found directly via a page on Microsoft Azure github about Banana Pi board. There were accessible without any EULA, or agreement. So The Internet being the Internet, where you can freely share links that don’t break any sort of copyrights or promote hate, I added the links to my post, as well as a video showing the board with Windows IoT.

Two days later, I received an email from a company telling Microsoft had been asked them to ask me to “remove the ffu links from the article as MS are quite sensitive about publishing them” and “could you remove the video?”. I reluctantly did it, since I’ve received DMCA requests from Microsoft in the past for allegedly infringing on their copyrights in that post, but the way Google words them, it’s nearly impossible to find out why exactly. Google will normally comply with Microsoft request, so the page was removed from Google Search results, but funnily enough I can find it in Bing… On the bright side, there’s a lawsuit against DMCA by the Electronic Frontier Foundation in progress… Who knows, this might also help terminate YouTube’s “you’re guilty until proven innocent” policy regarding fair use of copyrighted audio and video…

The second US company asking me to modify my content this month was Intel, against by proxy, through their customer. The post was “Intel Atom C3000 Denverton Processor Targets Low Power Servers“, and a company contacted me to remove two pictures, and references to a specific company, as Intel had seen this was in conflict with an NDA. I got the picture and info from Anandtech, but I was explained that there’s been a misunderstanding with Anandtech when they published the pictures, and I could see they had themselves removed the pictures, so I did it too as I felt it was a fair request. However, I still have a hard time understanding how those two pictures can negatively impact Intel business, and IMHO they’d better focus their efforts on more important things. It also took them around 50 days to report the issue…

Netflix was the third company asking me to remove content or even delete a post by proxy. The interesting part is that I did not have any input from any company involved when I wrote “MINIX NEO U9-H 4K HDR Amlogic S912-H Android TV Box Coming in October“, as I got all my info from HDBlog Italia, except for one confirmation about the use of Amlogic S912-H processor. The post was written five days ago, and today I received an email by a third party asking me to remove the post. Wow, that’s quite a request without explanation… So I asked why and whether I could amend part of the post instead, and I was told that Neflix was quite unhappy about my post because of the text in bold below:

One interesting point is that Widewine Level 1 DRM is supported, so some premium video streaming app will support HD and maybe 4K UHD. It does not mean Netflix HD/4K will be supported however, as this requires an extra agreement with Netflix, but it’s still a step in the right direction.

It’s quite a well known fact that Netflix HD and 4K does not work on all devices, and Netflix even have a list of working devices. It’s quite hard to understand why this comment would become an issue, unless Netflix feels like it makes them look like the deliver a poorly supported service… Anyway, I changed the “inadequate” post by removing the text in bold, and wrote this post instead to make everybody happy 🙂

Sensors Predicting The Future – Elderly Persons Fall Prediction and Detection with Kinect, Webcams and Microphones

September 9th, 2016 No comments

Wearables can be used your young children or elderly persons to monitoring their locations or health, and one use case, especially for old age persons, is to detect falls. However, it’s quite possible they don’t like it and/or not always wear it, so the Center for Eldercare and Technology of the University of Missouri designed a system based on Microsoft Kinect, two webcams, and microphones in order to detect falls, and even predict falls by analyzing gait, i.e. the pattern of movement of the limbs.

fall_detection_and_prevention-kinect_microphones_webcamsThe picture above shows at least part of the hardware setup with the Kinect, a webcam, and a PC  tower doing the processing stored in a cupboard.

Fall detection algorithms are relying on the microphone array, Microsoft Kinect depth camera, and a two-webcam system used to extract silhouettes from orthogonal views and construct a 3D voxel model for analysis. Passive gait analysis algorithms are for their part taking data from the kinect and the two-webcam system. The system was installed in 10 apartment, with data gathered for a period of 2 years, and they found that a gait speed decline of 5cm/s was associated with an 86.3% probability of falling within the following three weeks, and that shortened stride length was associated with a 50.6% probability of falling within the next three weeks.

You can see Gait detection in action in the video below.

More details about the studies and links to research papers can be found on Active Heterogeneous Sensing for Fall Detection and Fall Risk Assessment page on the University of Missouri website.

Via Electronics Weekly

Hardware Requirements for Discounted Windows 10 Licenses for Entry Level mini PCs, TV Sticks, Tablets, Notebooks, and AiO

September 2nd, 2016 6 comments

Even since the first low cost mini PCs and TV sticks started to come to market there was lots of confusion about Windows 8.1/10 licenses, because while small tablets could be shipped with Windows 8.1 with Bing/Windows 10 with a free license, mini PCs required  a different discounted NTE license costing between $15 and $30. Price differs depending who your ask… So while the cheapest devices normally shipped unactivated, some companies like PiPo decided to install Windows with the latest version to cut costs… Microsoft eventually noticed, and PiPo had to stopped the practise, instead making mini PCs with small displays

The exact hardware requirements were also unclear so far for either the free or discount tablet, but the following table dropped in my email Inbox recently… It explains which hardware is accepted for an Entry level license.

Click to Enlarge

Click to Enlarge

OST means Online Service Terms, and the devices matching the hardware requirements above should be eligible for a discount. A Low End CPUs should be Intel Bay Trail, and Cherry Trail processor, and most likely Braswell and Apollo Lake too, plus some AMD processors. So if you buy a Intel Core iX processor, you should not get a free/cheap Windows license.

Windows 10 mini PCs like Beelink BT7 and Vorke V1 match most requirements of the “WW Entry Desktop/AiO” with a low end Atom X7-Z8700 and Celeron J3160 processor, 4GB RAM, no hard drive, and no optical drive. However, they fail the maximum storage requirements since they ship with at least 64GB internal flash. That means they should be paying the full Windows 10 license, and while they come activated, they are likely in breach of Windows OST. I’ve also been informed Microsoft has been taking legal action against at least one manufacturer of non-compliant devices.

Getting Started with ReSpeaker WiFi IoT Board’s Audio Capabilities, Voice Recognition and Synthesis

August 27th, 2016 8 comments

ReSpeaker is a development board combining an Atmel AVR MCU, a MediaTek MT7688 WiFi module running OpenWrt, a built-in microphone, an audio jack, and I/O headers to allow for voice control and output for IoT applications. That means you could make your own Amazon Echo like device with the board and add-ons, use it as a voice controlled home automation gateway and more. The board was launched on Kickstarter a few days ago, and already raised $100,000 from about 100 backers, but I’ve received an early sample, so I’ll provide some more information about the firmware, and shows how to use with some Python scripts leveraging Microsoft Bing Speech API.

Click to Enlarge

Click to Enlarge

You’ll need a micro USB to USB cable to connect your to computer (Linux, Windows, Mac OS…), and a speaker to connect to the board. Linux (OpenWrt) boots in a few seconds, and once it’s done all RGB LED will continuously blink.

I’m using a computer running Ubuntu 16.04, and ReSpeaker is detected by the system as an Arduino Leonardo board:

That’s optional, but if you want you can access the serial console, with programs like Minicom, screen, putty or hyperterminal and set the connection to 57600 8N1 to access the command. Here’s the full boot log:

If you think something is odd here… That’s because the serial connection will miss some characters. This happens with two computers and different USB cables. Hopefully this is either a specific issue with my sample, or if it is an issue it will be fixed by the time boards ship to Kickstarter backers [Update: The company explained me that it’s because the Atmel 32u4 and Mediatek MT7688 share the same USB port]. So instead of using the serial console, I’ll use SSH instead which means I have to connect to ReSpeaker WiFi access point first, and configure it.

LinkIt_Smart_Access_PointReSpeaker will show as LinkIt_Smart_7688_XXXXX, because the WiFi module is exactly the same as LinkIt Smart 7688 IoT board, and unsurprisingly the configuration interface is exactly the same.ReSpeaker_WiFi_PasswordFirst set the root password, and login with that password.

ReSpeaker_Station_Mode_OpenWrt_LUCIThen go to Network tab, select station mode, and connect to your access point by entering your password. Click Configure, and you’re done. As you can see on the right above, you can also use OpenWrt’s LUCI interface to configure networking.

Now find ReSpeaker IP address via your Router DHCP client list, arp-scan, or other method:

You can now connect to the board via SSH:

and use the password you set in the web interface.

Now let’s check some CPU information:

We’ve got Mediatek NT7688 MIPS24K processor as advertised, so let’s check a few more details:

The board runs Linux 3.18.23, has 7.6MB available storage, and 128MB RAM in total.

I’m not going to test the audio features with command tools, and python script, and also include a video demo at the end of this review.Since I don’t have ReSpeaker Microphone array add-on, I have to be fairly close to the microphone for it to work well, maybe one meter at most, or the volume would be really low.

I’ll start by checking audio recording and playback with any API or internet access requirements.
We can record audio with 16000 sample rate, 16 bit width, 1 channel using the following command

and play it back with aplay:

It worked OK for me, although the volume seemed quite low.

Now we can do something a little more interested as Seeed Studio develop a few Text-to-speech and Speech-to-text Python scripts. You can retrieve the scripts from ReSpeaker github account, and install one dependencies to setup the board:

The script are using Microsoft Speech API, but in theory you could use any other speech API. Since Seeed Studio has already done all the hard work, I simply applied for a Microsoft peech API key in order to be able to use the demo.

Microsoft_API_KeyThat’s free for testing / evaluation, but if you intend to use it in commercial products, or for your own case, if you use more 5,000 transactions per month, you’d need to purchase a subscription.

You’ll find three Python scripts in the directory namely:,, Look for BING_KEY inside each script, and paste your own key.

Time to have some fun, starting with the speech to text script:

It’s pretty slow to start (about 15 seconds), and then there are a few error message, before you can see the “* recording” message, and you can talk, with Bing returning the results: “Bing:你好”. Chinese? Yep, as currently the default is Chinese, but if it is not your strongest language, you can edit, and change the language replacing zh-CN by en-US, or other language strings:

An English works too (sort of):

In the first sentence, I said “Hello World! Welcome to CNX Software today”, but it came out as “hello world next software”, maybe because of my accent, but I doubt it…

Then I wanted to try Thai language, but I got an API failure simply because the number of supported languages by Microsoft Speeach API is limited as shown in the table below.

language-Country language-Country language-Country language-Country
ar-EG* en-IN fr-FR pt-BR
ca-ES en-NZ it-IT pt-PT
da-DK en-US ja-JP ru-RU
de-DE es-ES ko-KR sv-SE
en-AU es-MX nb-NO zh-CN
en-CA fi-FI nl-NL zh-HK
en-GB fr-CA pl-PL zh-TW

If your language is not listed here, then you could Google Speech API instead, and it’s likely Seeed Studio or the community will have written compatible scripts by the time ReSpeaker boards ship to backers.

So you now know how to convert your voice to text, and you can use that text to send a web search, or toggle GPIOs, but you may also want to get an audio answer to your action, and script is there for your, and very easy to use:

It did not really feel realistic, but at least I could understand the female voice in the speakers. Looks in the script I did not see any language settings, so I assume the API will automatically detect the language, and inputted a string in French instead, and all I heard was gibberish. Finally I found that you can change the voice language in script with contains most of the code:

I replaced the US female voice, but a French male voice, added a “famous French saying”:

At least it was understandable, but Microsoft has still some work to do the audio output was more like “Salut mon gars. commencer a va?”. The reason could also be that the correct writing is “Comment ça va”, but the terminal (set to UTF-8), did not let me input “ç”.

You can watch all those demo in the video below to get a better feel about the audio quality, delays, and capabilities of Microsoft Bing Speech API.

Windows Subsystem for Linux (Ubuntu Bash on Windows) Benchmarked Against Native Ubuntu 14.04 and 16.04

April 13th, 2016 8 comments

Microsoft recently announced that they brought Ubuntu userspace to Windows, and that this features will be officially released in Windows 10’s Anniversary Update and called Windows Subsystem for Linux. But people part of the company’s insider program can already try the beta version of “Bash on Windows”, and Phoronix ran some benchmarks in bash in Windows 10, and repeated the tests in Ubuntu 16.04, Ubuntu 14.04, and Clear Linux. The test machine was based on an Intel Xeon E3-1280 v5 Skylake CPUwith 16GB of RAM and 120GB Samsung 850 EVO SSD.

Many of the results show Windows Subsystem for Linux (I’ll just call it Windows 10 in the rest of the post) just performing a little slower than on the Linux distributions, but there are also some outliers, which I’m going to cover here.

The most surprising results is when Windows 10 clearly outperforms Linux at its own game, and should be happening.


Click to Enlarge

Click to Enlarge

Click to Enlarge

That’s the case for Stream 1.2 triad and add benchmarks. Stream is supposed to benchmark the system memory (RAM) performance. The copy operation from the same benchmark is still faster in Linux however, except in Ubuntu 14.04.

Click to Enlarge

Click to Enlarge

The table below summarize the operation for the 4 stream tests:

I don’t have any explanation for the issue, but maybe some people can provide some clues in the comments.

There were also benchmarks where bash on Windows 10 is  much slower, likely due to the use of NTFS instead of EXT-4.

Click to Enlarge

Click to Enlarge

The Compile bench “tries to age a filesystem by simulating some of the disk IO common in creating, compiling, patching, stating and reading kernel trees. It indirectly measures how well file systems can maintain directory locality as the disk fills up and directories age. This current test is setup to use the makej mode with 10 initial directories”. Since Ubuntu bash on Windows is designed for developers this may actually matter. The poor performance is confirmed with Timed PHP compilation benchmark.

Click to Enlarge

Click to Enlarge

So it may pay off to try some other file systems if possible in Windows 10.

SciMarks v2.0 Fast Fourier Transform is another benchmark that’s quite faster in bash in Windows 10.

Click to Enlarge

Click to Enlarge

That one is also odd, so there must be some operations that the Windows kernel does faster than the Linux kernel, even after the overhead of converting Linux calls to Windows calls.

Windows 10 got back to struggling with Redis open-source data structure server benchmark that’s likely reliant on storage I/Os.

Click to Enlarge

Click to Enlarge

The other benchmark results where more or less in line with expectations, although there were some regressions between Ubuntu 16.04 and Ubuntu 14.04.

Microsoft Brings Bash on Ubuntu on Windows 10

March 31st, 2016 17 comments

Yes, you’ve read that right, and no, it’s not an April Fools’ Day prank, Microsoft and Canonical really cooperated to bring Ubuntu user space to Windows 10 allowing developers and others to run bash commands directly into Windows. All you’ll need to do is to install Ubuntu on Windows app, hit the Windows key, and type bash to get a terminal window.


Once you are in bash, you can run any Ubuntu command line, including apt-get to install packages, just like if you were in a terminal in Ubuntu, and all binaries are the same as in Ubuntu, as Microsoft implemented new infrastructure within Windows called the Windows Subsystem for Linux (WSL). That means Ubuntu runs without Linux, but instead the implementation is a conversion layer somewhat similar to Wine to run Windows programs in Ubuntu, or Libhybris to convert Linux calls to Android calls.

Dustin Kirkland, in charge of Ubuntu Product and Strategy, explains it’s not Ubuntu running in a virtual machine or a container, not something like cygwin his blog post about the announcement:

“Right, so just Ubuntu running in a virtual machine?”  Nope!  This isn’t a virtual machine at all.  There’s no Linux kernel booting in a VM under a hypervisor.  It’s just the Ubuntu user space.
“Ah, okay, so this is Ubuntu in a container then?”  Nope!  This isn’t a container either.  It’s native Ubuntu binaries running directly in Windows.
“Hum, well it’s like cygwin perhaps?”  Nope!  Cygwin includes open source utilities are recompiled from source to run natively in Windows.  Here, we’re talking about bit-for-bit, checksum-for-checksum Ubuntu ELF binaries running directly in Windows.
[long pause]
“So maybe something like a Linux emulator?”  Now you’re getting warmer!  A team of sharp developers at Microsoft has been hard at work adapting some Microsoft research technology to basically perform real time translation of Linux syscalls into Windows OS syscalls.  Linux geeks can think of it sort of the inverse of “wine” — Ubuntu binaries running natively in Windows.  Microsoft calls it their “Windows Subsystem for Linux”.  (No, it’s not open source at this time.)

CPU, memory, and I/O performance is almost the same as native performance according to results obtained with sysbench utility.

Since there are already ways to access a Linux terminal in Windows as mentioned above, this new feature may not not seem much, but for example that means Ubuntu or Linux instructions posted in this website, most of them using the command line, will run in Windows 10 natively without having to install a VirtualBox or VMWare and a virtual machine running Ubuntu.

You can also get a perspective from a web developer using Windows 10 on Scott Hanselman blog.

This is a beta release so it’s not working 100% just yet. If you are part of Windows Insider program you can have access to the early beta of Ubuntu on Windows.