* Posts by theblackhand

883 posts • joined 1 Oct 2009


Remember that backdoor in Juniper gear? Congress sure does – even if networking biz wishes it would all go away

theblackhand Silver badge

Re: Backdoor scorecard

So many downvotes....

Reference: https://en.wikipedia.org/wiki/File:NSA_HALLUXWATER.jpg

If you are downvoting security references based on limited knowledge, maybe it's not knowledge but just biases and rumour? The NSA TAO leaks aren't exactly secret.

theblackhand Silver badge

Re: Backdoor scorecard


Cisco - yes

Juniper - yes

Huawei - YES

All part of the same NSA TAO group exploits revealed by Der Spiegel. Just because Huawei's firewall products aren't as popular in the west doesn't make them invulnerable.

'Beyond stupid': Linus Torvalds trashes 5.8 Linux kernel patch over opt-in Intel CPU bug mitigation

theblackhand Silver badge

Re: There must be a simpler fix...

Your fix is changing the target of the attack from application space (i.e. browser or SSH session keys) to the kernel - deduce the code encryption keys at the kernel via a timing attack and you're back to the original issue.

SD cards hop on the PCIe 4.0 bus to hit 4GB/s with version 8.0 of storage spec

theblackhand Silver badge

Re: So not full speed on any Intel platform then

I'm wondering about power as well - while the standard may support 4GB/s there is also a lower 3GB/s option versus SDXC maxing out at 1GB/s which is much higher than you would typically see on an SDXC card reader.

The interface appears to be rated at 1.8W vs current cards that are under 100 mW.

Tales from the crypt-oh: Nvidia accused of concealing $1bn in coin-mining GPU sales as gaming revenue

theblackhand Silver badge

Re: More long term than any other?


If at first you don't succeed... IBM finds Watson a new job: IT ops and cloud-to-the-edge computing in the 5G era

theblackhand Silver badge

"solution in search of a problem"


Cornering the ultra premium chess playing doorstop market isn't enough for you, ElReg?

Such high standards at Vulture towers

Vodafone chief speaks out after 5G conspiracy nuts torch phone mast serving Nightingale Hospital in Brum

theblackhand Silver badge

For the UK "celebrities", a little bit of community service helping out the NHS would be appreciated.

I'm sure Amanda would do a fine job washing dirty scrubs.

Amir may be a little harder - I'm not sure which job he could do without quitting halfway through.

Internet samurai says he'll sell 14,700,000 IPv4 addresses worth $300m-plus, plow it all into Asia-Pacific connectivity

theblackhand Silver badge

Re: In 3.. 2.. 1..

Microsoft people put the gateway on .1 or .254.

Cisco people understand you can allocate subnets other than /24 and allocate the gateway accordingly.

'Azure appears to be full': UK punters complain of capacity issues on Microsoft's cloud

theblackhand Silver badge

Re: Interesting

Intel's Q4 server CPU sales were off the charts - up around 49%

I know Nvidia contributed a chunk of that with their Geforce Now DC's, but hadn't heard which of the other big cloud providers took the rest.

AWS/Azure/Google had all been delaying spending waiting for new chips, any evidence that it was AWS that won?

Bad news: Coronavirus is spreading rapidly across the world. Good news: Nitrogen dioxide levels are decreasing and the air on Earth is cleaner

theblackhand Silver badge

And with all this "working from home" and general boredom from being locked in, I've polished the bathroom mirror to the point where I can now see my bottom.

I strongly do not recommend this...

Data surge as more Brits work from home? Not as hard on the network as their nightly Netflix binges, claims BT

theblackhand Silver badge

You really think moving the mouse occasionally so Skype shows you online while you watch Netflix will use that much more bandwidth than just watching Netflix?

Think your smartwatch is good for warning of a heart attack? Turns out it's surprisingly easy to fool its AI

theblackhand Silver badge

Re: Lies and statistics

"you just never know when they might decide to kill you."

We know they have already decided to kill us. What we don't know is when.

Chips that pass in the night: How risky is RISC-V to Arm, Intel and the others? Very

theblackhand Silver badge

Re: Been here before

"I well remember the RISC anxiety at Intel when I worked there 35 years ago."

And when Intel moved from pure x86 CISC to x86 CISC instructions decoded to µops to run on a RISC-like architecture with the P6, what happened to that anxiety? Sure, Intel hedged its bets with Itanium/VLIW but reality wasn't kind to that...

US Homeland Security mistakenly seizes British ad agency's website in prostitution probe gone wrong

theblackhand Silver badge

Organised prostitution usually has some morals and ethics.

Sophos was gearing up for a private life – then someone remembered the bike scheme

theblackhand Silver badge

Overpaid juniors?

"the process that sees hordes of overpaid junior lawyers and accountants poring over every tiny detail of a business before going ahead with a merger or takeover."

In most accountancy or legal firms, overworked is more accurate than overpaid. The juniors do the donkey work (usually with significant amounts of travel and unpaid overtime), the senior managers are paid well to apply the whip to keep things going and the partners rake in the money and put the entertainment on expenses.

Oh...and the juniors are responsible for all mistakes.

AMD takes a bite out of Intel's PC market share across Europe amid microprocessor shortages, rising Ryzen

theblackhand Silver badge

Re: Accidental shortage

"they can't _buy_ enough outsourcing capacity to catch up because it's all booked out."

To address outsourcing high performance chip designs to another fab - you will likely take 1-2 years to redesign a working CPU operating at >2GHz if you take a working design from one fab to another.

Intel/TSMC/Samsung all have significantly different processes - a working design for one fab does not instantly translate into a working design at another fab, and if you are dependent on a design that is outside of the conservative fab design rules, you risk low yields and poor performance. For examples, look at AMD/nVidia GPU's on identical TSMC processes where one card substantially under-performs or has low availability - typically the first GPU or largest GPU does not clock as highly as its rival because of design issues. A year later, we see a decent boost as the updated chip addresses the issue.

theblackhand Silver badge

Re: Accidental shortage

"Being able to replace a full rack of Intel with two AMD boxes is music to the ears of any data center professional."

The "rack full" of dual CPU Intel boxes MAYBE being replaced by "less than a rack full" of AMD boxes.

Licensing makes high core counts hard to justify for Enterprises unless they have applications (like HPC) that aren't licensed per core.

The high core count chips are power/cooling hungry making it hard to sell them into cloud environments or enterprise blade chassis where density is more important. That's not to say moving from 20 servers per rack to 10 while lowering connectivity costs and increasing core counts doesn't make sense.

IO (typically storage) also kills your per rack density - you are likely limited in the amount of IO you can deliver to each rack. So moving from 20 x 8-cores to 2 x 128 cores likely doesn't unless you can avoid storage/IO/network/memory bottlenecks by scaling up connection speeds cost effectively.

Can you mix your new CPU's with your existing CPU's in a VM environment? Or do you need to start a new farm? That makes switching vendors hard unless your current environment is end of life and ditching it is an option. If you have a larger environment and replace a fixed percentage each year, changing may require considerable planning/budgeting.

And finally, what does it cost all up?

If any of the Super7+1 (or is that +2 now nVidia are trying to compete for mobile gaming?) announce major deals with AMD in 2020, AMD likely double their server market share.

TL;DR: high core counts look great, but AMD's pricing, power usage, low-to-mid range core counts and being able to deliver are more likely to win them this round.

Call us immediately if your child uses Kali Linux, squawks West Mids Police

theblackhand Silver badge

Re: Whatever next in the UK... reporting our neighbours for harbouring Jews?

Not me!!!!

I'm too far from the sea.

Crazy idea but hear us out... With robots taking people's jobs, can we rethink this whole working to survive thing?

theblackhand Silver badge

Re: Seriously, how many centuries has this exact debate been going on?

"History is important, I'm not suggesting otherwise, but using it as a barometer against today's employment opportunities is bonkers."

Then I would suggest re-examining post-WWII history (you can go back further if you want but this is likely to be sufficient to see details) to see just how far we have come and how many jobs have changed or disappeared completely.

"We all know that the roles needed in society change and automation and AI (whatever that means in reality) drives this."

Yes...and in general, society as a whole has improved on the back of change. And generally change has improved both the lives AND jobs of the less well off. Look at jobs that had high accident rates 10-50 years ago and how they are done now - machines have replaced people and the people manage the machines with a subsequent increase in rates of production with fewer injuries.

You look and see Deliveroo and Amazon Fulfillment Centres and I would suggest both are likely to become more automated in the future as the human acts as a robot. And there are questions around safety/injury.

What I see is an increasing requirement for human education and knowledge and the potential for that to drive future change.

Will people still be left behind by this? Yes and the aging population is likely to require a lot more social care as cheaply as possible. At least until we figure out how to automate that.

Will society as a whole benefit? I believe so. Based on history. Trying to retain the status quo has been where society crumbles and revolution is needed to move forward again. When there is change, those at the bottom have something to strive for. And technology revolutions tend to be a lot gentler than political revolutions.

theblackhand Silver badge

Re: Seriously, how many centuries has this exact debate been going on?

"It's somewhat disturbing to see how comparisons are being made between working and living conditions today and a 100+ years ago, as if that means anything."

We navel gaze at the future where AI will automate people out of jobs while installing computer systems that allow one person to do the tasks of many or write code or reports that allow businesses to operate more efficiently.

So yes, history means a lot...those that are aware of history are aware of the significant changes that have happened over the last 200 years to get the standard of living above "you'll probably die soon" to "you better plan for old age, you've got a lot of years ahead of you".

I suspect it may also be part of the current generational gap - those brought up in cities where everything is available as long as you had money versus those from rural areas or before much of the current service industry was available who can make do with alternatives or without...

And yes, I'm an old grumpy git before my time.

Who needs the A-Team or MacGyver when there's a techie with an SCSI cable?

theblackhand Silver badge

IDE in servers

<random dump of useless information>

Before PCI-bus IDE HBA's, ISA IDE HBA's required an interrupt per channel which limited the number of hard drives you could use (you could usually manage two-channels of 2 drives each once you added a few network cards) and generally multiple hard drives were the only way of expanding capacity in the days where the biggest hard drives weren't big enough. From memory, the Netware IDE drivers weren't great either although that may have been a hardware bottleneck rather than just a driver issue.

SCSI HBA's allowed up to 14 drives per HBA...more than enough. And the drivers were better. If you could get updates.

</random dump of useless information>

Good: IT admins scrambled to patch 80 per cent of public-facing Citrix boxes to close nightmare hijack hole

theblackhand Silver badge

Re: sys admin?

"i think these boxen come under a different job title."

It's system administration - it may not be in your job role but I think you're being a little pedantic...

Some may say it's not the pedantic grammar nazi's job to police pedantry but there we have it...

Former Autonomy boss Mike Lynch 'submits himself' for arrest in central London

theblackhand Silver badge

Re: 10 million GBP bail....

Well Lynch probably made a few million when he sold his company to HP. Looks like it was ~£500 million (source: https://www.computerworld.com/article/3416571/update--mike-lynch-leaves-hp-autonomy.html). It should be relatively easy to find based on shareholdings and bonuses from the sale but I can't find a better source...

You'd never believe how much HP paid for Autonomy...

Fed-up air safety bods ban A350 pilots from enjoying cockpit coffees

theblackhand Silver badge

I prefer to drink my whiskey from glass - I really noticed the plastic taste when we added it to the children's bottles to help them sleep.

What? It's not as if Airbus pilots are allowed to do anything important so they may as well have a drink while their computers tell them no.

This AI is full of holes: Brit council fixes thousands of road cracks spotted by algorithm using sat snaps

theblackhand Silver badge

Re: AI 101

Sir Runcible Spoon...it sounds like someone can't handle the truth...

I bet you use base 10 math rather than the one true math.....base 12 math. It's as simple as 9+3=10.

Two startups enter, one leaves: Intel kills off much-delayed Nervana AI training chip, pushes on with Habana

theblackhand Silver badge

Are you thinking of XScale? They may have been acquired for around $700m.

Intel has often acquired companies for IP/licencing rather than improving/expanding the market for the products they have acquired.

Very little helps: Tesco flashes ancient Windows desktop on Scan-As-You-Shop device

theblackhand Silver badge

Does it count as "nicking everything" if you were just following an Antony Worrall Thompson recipe?

BT: UK.gov ruling on Huawei will cost us half a billion pounds over next 5 years

theblackhand Silver badge

Re: No more than 35%?

"Clearly 35% by mass is the only objective measure."

How about by the number of LED's?

Blue ones are cooler than red ones so naturally are weighted accordingly with other colours somewhere in between.

Gin and gone-ic: Rometty out as IBM CEO, cloud supremo Arvind Krishna takes over, Red Hat boss is president

theblackhand Silver badge

'No BS' web host Gandi emits outage postmortem, has 'only theories' on what went wrong

theblackhand Silver badge

Re: Chalk one up...

More likely /dev/null filled up and they weren't monitoring it

Curse of Boeing continues: Now a telly satellite it built may explode, will be pushed up to 500km from geo orbit

theblackhand Silver badge

Re: Spaceway-1

"Is it going UP to a graveyard orbit or being unusually de-orbited into the atmosphere?"

It's going up - there is a significant quantity of fuel remaining (73kg at present) which may account for the life time extension.

Regarding the batteries, the satellite appears to be OK operating on solar panels but the concern is that the coming eclipse season will require battery operation leading to the potential for catastrophic failure. Eclipse season starts on Feb 25th.

theblackhand Silver badge

Re: Spaceway-1

"If Boeing designed an aircraft for a 12 year lifespan without ensuring that it would not still be flying around at the same altitude fifteen years later, you might think someone had been careless."

Is the comparison to an aircraft valid? An aircraft is maintained as part of normal operations while a satellite is almost entirely unserviced during its lifetime. Aircraft parts prone to stress are regularly replaced to minimise risk and anything with an operational life is replaced before it is likely to fail.

And aircraft operate in a less hostile environment than space - the fault that has ended the life of this satellite is likely repairable if it occurred in an aircraft and if it was caused by being hit by an unknown object, then that is a risk satellite manufacturers take and attempt to work around with additional resilience. But resilience doesn't protect you from multiple failures particularly as you reach the later stages of your mission where you may already be operating with failed components.

theblackhand Silver badge


According to the wiki article, this was launched in 2005 with a 12 year lifetime and was currently being used as a backup satellite.

While the battery issue is undesirable - are there any details of the fault (i.e. overcharging due to a damaged component or control system?) as bashing Boeing for this seems a little harsh unless I'm missing something.

Apple: EU can't make us use your stinking common charging standard

theblackhand Silver badge

Re: "It'll stifle [..] innovation."

"Suggest you look at the successful network forums eg. IEEE802 (specifically 802.3), WiFi Alliance..."

Are you sure it's bollocks? Using the comparison to Ethernet, USB has had to change from 4 pin plus ground via a separate pin or the ground shield to 9-pin including ground in order to separate high power and high bandwidth cable pairs. Ethernet avoided this by already having 4-pair connectors for UTP from the beginning because there weren't cost effective digital modulation methods available to provide higher data rates when it was introduced.

USB was designed to minimise costs in early implementations - while there is an argument that it could have provided a more future proof connector at version 2, the fact is it didn't. Given competing interfaces that didn't minimise cost and failed, I'm unsure if you can choose a single interface that is universally "good" and "cheap".

Is Ethernet or USB able to go beyond 10Gbps with current connectors? Unlikely - they already use QAM256 encoding to achieve those rates and Ethernet has already moved away from UTP connectors beyond 10Gbps with 10Gbps UTP Ethernet having a number of downsides (i.e. high power use, high latency) that make that unlikely to change.

Is 100W/10Gbps sufficient for a general purpose device-to-device interface? I would say yes - marketers will say no...

Clunk, whirr, buzz, whine. Shared office space can be a riot and sounds like one too

theblackhand Silver badge

They are saying "...if you buy something it would be a good excuse to have more meatballs..."

theblackhand Silver badge

Re: Sometimes

Or a ClueHammer(TM) if applied carefully to someone's head in order to ensure any provided clues are retained.

10nm woes, CPU supply shortages, competition from AMD... What? Sorry? Intel can't hear you over the cash register going bonkers

theblackhand Silver badge

Datacentre is DCG and is currently $7.2bn/quarter or $23.5bn/year

CCG (desktops/laptops) is $10bn/quarter or $37bn/year

Even if AMD are unsuccessful in obtaining mobile market share in 2020, they will likely impact revenue as Intel will need to reduce prices/margins to maintain volume.

Intel could easily see a 10%-20% decline in CCG revenue...

Intel care more about DCG revenue because there's a very slim channel to support so better margins than CCG plus DCG is a growth area whereas CCG is flat at best.

theblackhand Silver badge

Re: Spectre-Meltdown-L1FT-Zombieload-et-al

"the mitigations bring performance down"

The software mitigations reduce performance - the hardware mitigations found in Cascade Lake generation chips address Meltdown/Foreshadow in hardware and the remainder of currently known Spectre issues to a similar level as other x86/non-x86 SMT platforms.

While OS/software fixes are still required (and may impact performance) to fully address issues, that isn't an Intel exclusive issue.

In the red corner, Big Red, and in the blue corner... the rest of the tech industry

theblackhand Silver badge

Re: Come For The Articles...

"copywriting APIs will benefit absolutely nobody, even Oracle themselves"

Long term, yes.

Short term, Oracle claim copyright over Android and claim very significant damages against Google, possibly to the point of destroying Google or breaking it up and making Oracle very rich.

Day n+1 when the world is burning doesn't worry Oracle. Yet.

Leave your admin interface's TLS cert and private key in your router firmware in 2020? Just Netgear things

theblackhand Silver badge

Re: My mom, and millions like her, don't care.

This is basically evolution in the home router space.

To make installing a new router, Netgear (and others) initially directed users to access the router via the IP address. Which worked as long as users didn't have to change the IP address. A DNS name was deemed friendlier and browser makers were discouraging the use of IP addresses for security reasons. Then came the push to move to secure communications, so Netgear used self-signed certificates. And then the move to ensure certificates were valid so Netgear obtained valid certificates. And now the move to avoid distributing public certificate keys.

The bit missing here is how do you opt out of security policies that provide little additional security (in most cases - I'm assuming internal access to a device you own with a default policy of no external access to the device) without encouraging user behaviour that is undesirable (ignoring browser security warnings)?

theblackhand Silver badge

Re: Secure Bootstrap is hard

My reading of what Netgear are doing is trying to get a valid hostname/certificate that allows connections from a browser without security warnings for invalid certificates etc. The .com/.net domains allow Netgear to register valid domain names and get trusted certificates to avoid browser warnings around insecure connections or untrusted certificates.

I'm not sure a different hostname or self-signed certificate where the private keys reside locally on the router is the issue - it puts you back to the point where you need users to click through security warnings to begin router configuration.

I can imagine a process for getting valid certificates generated per device IF you have a working Internet connection (i.e. connect to trusted host using a public key embedded in firmware, register unique DNS name via trusted host and trusted host issues valid certificate, redirect from http://router.local to https://<my device name>) HOWEVER:

- what happens if there is no working Internet connection yet?

- will this still cause browser warnings when you connect the first time you use the device?

Given the target market (consumers), I'm not convinced the risk of embedded certificate keys outweighs the advantages of convenience for the user, particularly when the troubleshooting steps would likely be accepting untrusted connections which establishes bad habits. Using short certificate lifetimes, separate certificates per device model and auto-updates for firmware would significantly reduce the risk AND allow Netgear to respond quickly to any threats that became public.

Or you ship a setup application that allows you to bypass browser security warnings and is only used if the automated setup fails.

Unless I'm missing an obvious solution...

LastPass stores passwords so securely, not even its users can access them

theblackhand Silver badge

"This is why I keep all of my passwords on post-it notes stuck to my monitor. My handwriting is all the encryption I need."

Do you have any reliability issues following maintenance?

The cleaners like to treat my monitor rough...

IBM, Microsoft, a medley of others sing support for Google against Oracle in Supremes' Java API copyright case

theblackhand Silver badge

Re: Both cases illustrate that APIs are subject to copyright

"They could have called it something else, I don't know, like "Motlin"."

This is exactly my point - if MS had called it something else AND not licensed Java from Sun, the lawsuit would have gone in a completely different direction (or Sun may not have found grounds for a case).

Instead the case was about failing to uphold licence requirements for Java as required by the Java licence - it was purely contractual and MS had not complied with those contracts.

Google vs Oracle is the parallel Java universe where Microsoft did the opposite of what they did in this Java universe.

theblackhand Silver badge

Re: #include statements

Sun vs Microsoft was around attempting to coerce Java to Microsoft's standard - Microsoft were sued by Sun for failing to implement the standard correctly while still using Java trademarks and Microsoft were fined as a result and discontinued the MS JVM.

I would dispute that the Sun vs Microsoft case mirrors the Oracle vs Google Java case outside of both being based around Java - drawing parallels with the effects on software development for the two cases isn't valid.

Ex-Autonomy CFO Sushovan Hussain's part in the accounting badness was 'wildly overblown'

theblackhand Silver badge

Not only very readable, but easily the best coverage of the case across the UK media (and likely outside the UK as well).

Thoroughly appreciated.

World's richest bloke battles Oz catastro-fire with incredible AU$1m donation (aka load of cheap greenwashing)

theblackhand Silver badge

Re: Thing is

"What's needed is long term spending on prevention, such as not having forests right up to towns and a fire service that is able to contain fires that break out. But you don't get that from donations like this."

And what if the towns build right up to the edge of forests? Part of the problem is increasing populations and encroachment on existing forests as much as building too close to forests.

Combine that with fuel reduction measures being restricted by properties, changes in water/land usage within affected states resulting in dryer areas and increasing temperatures due to regional and global changes and the extent of the issue becomes clear. The comparison I would make with the UK is flooding - the causes of flooding are as much due to changes in river management and land use as they are to property locations.

Donations will allow the immediate effects to be reduced (i.e. replacing damaged or lost property) and increasing preventative measures because the wider environmental issues are likely to take 10-30 years to address assuming the Australian government has the cojones to tackle the issues rather than just let rich industrialists (of which Bezos is not one) ride roughshod over the environment to allow them to make a few more dollars.

As for the animals, the worst types of animals - politicians - appear to have been largely unaffected by the disaster.

BOFH: You brought nothing to the party but a six-pack of regret

theblackhand Silver badge

Re: "How to Speak Well English."

Deep...very deep

theblackhand Silver badge

Re: 'You brought nothing to the party but a six pack of regret?'

Meg Whitman liked a little country - maybe this is what she played at HP board meetings discussing recent acquisitions?

'Buyer's remorse' drove HP's legal crusade to go after Lynch, High Court told

theblackhand Silver badge

Re: Sold as seen

"What HP really want is a win in this civil case (balance of probabilities) to use in their upcoming criminal case (beyond all reasonable doubt). Doubt if they'll get it."

What HPE want is not to lose. While winning this case may allow them to take assets from Lynch and Hussain and ensure both are imprisoned in the US for their part, the flip side is that if they lose, future cases become "shareholders vs HPE" or "shareholders vs former execs of HP" and that is what worries Meg and HPE the most.

Leo has demonstrated he wasn't up to the HP CEO role with his testimony in this case, justifying the board's actions to remove him. The reality is that the board supported him and this is just as much about HP's actions post-purchase under Meg and the actions taken. Were they in HP's best interests or the board's?

theblackhand Silver badge

Re: Slightly disappointed


Exactly...Christmas is over, save it for December please.



Biting the hand that feeds IT © 1998–2020