Posts by diodesign

3493 publicly visible posts • joined 21 Sep 2011

SPEC mulls benchmarks for ML processing performance

diodesign (Written by Reg staff) Silver badge

IDC figures

I think the point is that it's too early to know exactly how much was spent in 2021, so IDC is guesstimating right now.

C.

Developer adoption is our priority, profits second, Cloudflare tells bankers

diodesign (Written by Reg staff) Silver badge

'deleting my post'

FWIW your now-deleted previous post made what looked like a baseless accusation of criminal activity so a moderator removed it.

Also FWIW Cloudflare's pretty open about the position it takes: it doesn't want to decide what's right or wrong on the internet. It doesn't want to be the arbiter of what is allowed to be hosted. Eg:

Cloudflare: We dumped Daily Stormer not because they're Nazis but because they said we love Nazis

Cloudflare speaks out amid allegations it safeguards banned terror gangs' websites

If you report spam or malware-based abuse to Cloudflare, feel free to CC us in (news@theregister.com) and we'll take a look at the same time.

C.

VMware offers hardware compatibility list for home labs

diodesign (Written by Reg staff) Silver badge

Just a stock image

It's just a generic pic to indicate someone tinkering with kit at home. I've changed the pic.

C.

Microsoft patches critical remote-code-exec hole in Exchange Server and others

diodesign (Written by Reg staff) Silver badge

Re: HEVC "data" files contain executable code?

No, they're not supposed to contain arbitrary code.

What happens, with these kinds of bugs, is that there is a payload of instructions carefully placed within the multimedia file that is otherwise just data. When the file is parsed, the vulnerability in the parser is exploited to allow the payload to eventually execute.

There are steps in between to get around the OS's security defenses.

C.

Linux distros patch 'Dirty Pipe' make-me-root kernel bug

diodesign (Written by Reg staff) Silver badge

Re: Linux Bias?

"How big would the article be for a Windows vuln that let any fucker get admin privileges?"

For a Windows vuln for which patches are already out? Typically a few sentences: there are EoP holes in every Windows Patch Tuesday.

If we write a whole article about an EoP it's usually because a patch isn't out yet (it's a zero day) or it's being actively exploited or that the bug is particularly interesting, or that someone on the team was at a loose end and had enough time and material to write a whole article.

"C'mon El reg, there was a time when you weren't afraid to put the boot into ANY OS, even Linux. Are you really that frightened of a load of pissy comments?"

No. We often assign stories based on how much time and scribes we've got available. For Dirty Pipe, we wanted to get it out as soon as possible as the next lead item on the weekly roundup.

In fact think of it as a Dirty Pipe story with bonus material, as the DP section is quite a lot more than a couple of paragraphs.

We'll look at the Android angle next (it's also mentioned in the article).

Good news is that we've hired two writers this month to cover security, so expect more security stories sooner rather than later.

"Step the fuck up."

Sigh, why this angry?

C.

diodesign (Written by Reg staff) Silver badge

Re: Example

If you overwrite an entry in /etc/passwd so that the password field is blank, no password is needed. (If there's an x, use the shadow file.)

So, just blank out root's password entry with the DirtyPipe overwrite and everyone can get root.

PS: Another example would be to pick a root-owned setuid binary and overwrite it so that it simply spawns a root shell, and then restore the binary to normal.

C.

Here's why prolonged Russia-Ukraine war would be really bad for us, say chip designers

diodesign (Written by Reg staff) Silver badge

Confused

How do you mean?

C.

The time we came up with a solution – and found a big customer problem

diodesign (Written by Reg staff) Silver badge

Patch level

The sidebar was there right from the start for those who needed an intro to MPLS.

C.

Study: AI detects backdoor-unlocking DNA samples

diodesign (Written by Reg staff) Silver badge

Hype

FWIW there is no commercial project linked to this or anything like that, from what I can tell, so there's no snake oil to sell here.

It's an interesting attack vector that we thought we'd write about. We'll stay away from more theoretical attacks in future.

C.

diodesign (Written by Reg staff) Silver badge

'If the lab already is already infected with a trojan'

I guess the point of this is that - a la SolarWinds - you modify some popular software in a supply chain attack, and the code is deployed all over the world.

In order to target specific labs, you get them to process a sample with an IP address and port in it so you know which lab you're breaking into.

It's very theoretical, we thought it was interesting, and we think readers will understand the threat. We'll keep the feedback in mind for future.

C.

diodesign (Written by Reg staff) Silver badge

Re: AI triggered backdoor

Ah yeah, they are closely related.

The DNA issue is encoding hidden messages in perfectly valid data, and having an AI spot that; and the trigger detection is identifying when a model is seemingly deliberately misbehaving on special inputs.

One involves undoing steganography in input data, and the other sensing that a model has a secret trigger.

C.

AI-designed drug to treat deadly disease now tested on humans

diodesign (Written by Reg staff) Silver badge

Re: Proof reading

Yeah, we missed out a word. It's fixed. Email corrections@theregister.com if you spot a typo, please.

FWIW we prioritize being accurate and technical. If you spot a typo in a story – like a missing word or wrong tense, or something – it's because whoever was writing or editing the piece had their mind on something more important, or was on a deadline.

C.

Google's Chrome OS Flex could revive old PCs, Macs

diodesign (Written by Reg staff) Silver badge

+1 ChromeOS

My wife only ever used her Windows laptop with Chrome and things that could run in Chrome. So I got her a decent Chrome laptop. Updates regularly. Just runs Chrome.

Much less hassle than having to fix a Windows Vista / 10 / 11 laptop. FWIW I use Fedora on my personal systems and Debian on work systems.

C.

Massive cyberattack takes Ukraine military, big bank websites offline

diodesign (Written by Reg staff) Silver badge

Defacement

Yeah, noted.

C.

Russian 'Minecraft bomb plot' teen jailed for five years

diodesign (Written by Reg staff) Silver badge

Charges etc

We've added to the piece more info on what the teens were convicted of. The media has focused on the FSB building bit because it's kinda amusing and also, the boys went and did something to the actual building.

They were also charged with making and planning to test their homemade explosives in empty buildings, using Pringles cans as containers.

C.

Tesla to disable 'self-driving' feature that allowed vehicles to roll past stop signs at junctions

diodesign (Written by Reg staff) Silver badge

Re: Not a "bug"

Yeah, yeah, it's a feature. We saw it as a bug - as in, software operating as we wouldn't expect it to - but it is technically a feature so we've fixed up the article accordingly.

C.

Intel fails to get Spectre, Meltdown chip flaw class-action super-suit tossed out

diodesign (Written by Reg staff) Silver badge

Re: Defective?

IMHO it's possible to argue that Meltdown was a defect because Intel trivially broke one or more of the data security guarantees it gave in its documentation (IIRC, it's been a while so ICBW).

Spectre's a bit different IMHO because while it could be exploited to leak data, it was more like discerning info through instrumentation.

Whereas, Meltdown was as simple as placing a load after a branch instruction and seeing if the load was speculatively executed even if the branch was taken. And it was found that the speculative load occurred before security checks were performed, allowing one to figure out the content of memory that would have been trapped if read directly.

AIUI the chap who found Meltdown - a Googler straight out of uni - read the Intel soft dev manual, saw the part that said if a branch is taken, the CPU won't execute the instructions that follow immediately after the branch, and thought, 'yeah but I wonder if it does?'

Meltdown to me looked trivial to exploit, just a straight up bug in the design of the pipeline. Spectre looked more nuanced: a side effect of other optimizations.

As I said, ICBW.

C.

Nvidia reportedly prepares for un-Arm'd combat with rivals: $40bn takeover may be abandoned

diodesign (Written by Reg staff) Silver badge

Re: Nvidia Disarmed?

Thanks. Just a bit busy with other things right now and didn't want to hold up the article while trying to think of something clever.

To reveal what's behind the curtain, we were having a debate over whether Nvidia's statement was a denial or not. We decided it wasn't a denial – it was Nv putting on the best spin it could publicly – and that was what drove the headline, getting that right, not making a pun.

When -- sorry, if -- the deal collapses we'll do Nvidia loses Arm's race or something like that.

I might have to steal disarmed for something like RISC-V or x86 diss-Arms for the next round of benchmark claims.

C.

Joint European Torus celebrates 100,000 pulses: Neither Brexit nor middle age has stopped '80s era experiment

diodesign (Written by Reg staff) Silver badge

Wrong materials

Hi -- thanks. We got our materials mixed up, and now fixed. Don't forget to email corrections@theregister.com if you spot anything wrong, please.

C.

UKCloud acquired: Public sector specialist finally bags investment from current chair and private equity after reporting steep losses

diodesign (Written by Reg staff) Silver badge

Re: Choosing not to report

Hi -- What we meant to say was that we didn't report on the rumors at the time because we didn't want to cause harm with unverified tip offs. If we're gonna say an organization is about to collapse, we want to be really sure of it.

We never shy from reporting on something just because it might end in bad publicity. For that reason, I've taken out the paragraph.

C.

For those worried about Microsoft's Pluton TPM chip: Lenovo won't even switch it on by default in latest ThinkPads

diodesign (Written by Reg staff) Silver badge

Re: Mitigates against bugs like Spectre and Meltdown??

No, what we (and Microsoft) mean is: tightly coupling the coprocessor to the CPU cores within the same package makes it harder for someone to sniff the communications.

It might be possible to do that with a side-channel attack, but really it's about stopping physical bus snooping.

C.

Robotic arm on China's space station does a demo, swings out 20 degrees and back while holding cargo ship

diodesign (Written by Reg staff) Silver badge

Re: Lifting in space

Yeah, yeah, you know what we mean: it's fixed.

C.

Fugitive mafioso evaded cops for two decades until he was spotted on Google Street View

diodesign (Written by Reg staff) Silver badge

Re: Fugitive mafiosi evaded cops for two decades

Thanks - it's fixed. Don't forget to email corrections@ if you spot an issue please so we can fix it right away.

C.

IntelliJ IDEA plugin catches lazy copy-pasted Java source

diodesign (Written by Reg staff) Silver badge

Plugin's goal

Actually, the plugin is pretty simple: it checks to see if there is cut'n'pasted code in a file from other parts of the project (or maybe even just the same file).

If that happens, it's generally a sign of poor programming, so it may suggest you refactor (try again). I've tweaked the headlines to reflect this.

C.

Google joins others in Big Tech: Get vaccinated – or you're fired

diodesign (Written by Reg staff) Silver badge

Not all beds are the same

Not all hospital beds are the same: different wards, different levels of care, etc. I don't even have to assume that figure you gave is correct.

The point is: hospitals are at near capacity -- around 95% in the UK this week – and a surge in COVID-19 cases will push them over the edge, and people will be denied or given limited care. That's why we vaccinate: so we don't clog up the health system, and put others in danger, with a mostly solved problem.

"The NHS was put on a crisis footing as hospitals in England were told to discharge as many patients as possible while estimated daily Omicron cases hit 200,000 and the variant claimed its first life in the UK." (Source)

"Hotels are being turned into temporary care facilities staffed with workers flown in from Spain and Greece to relieve rising pressure on NHS hospital beds." (Source)

C.

diodesign (Written by Reg staff) Silver badge

'booster vaccines multiple times per year'

Keep on movin' those goal posts.

In fact, keep on moving them all the way out the door, down the street, over the road, across the bridge, all the way into a pharmacy or a doctor's office, all the way over to the uncomfortable chair where you can sit down and get a jab and move on.

C.

diodesign (Written by Reg staff) Silver badge

'no jab, no job'

Oh no.

Well, you can always work where there isn't a requirement. Or wait a few years for it to hopefully die down. Smoking is banned everywhere. I see no difference.

C.

diodesign (Written by Reg staff) Silver badge

'we shouldn't stigmatize the unvaccinate'

Or we absolutely should. It would be idiotic to not vaccinate for measles or chickenpox, or the flu... what makes COVID-19 so special?

C.

diodesign (Written by Reg staff) Silver badge

'not very effective at preventing infection and transmission'

Personally speaking, I don't care how spreadable it is if it's been reduced, through vaccination or mutation, to literally nothing more than a bad cold -- no long-term effects, no risk of death.

I can put up with a cold.

"COVID case rates among the fully vaccinated are now higher than those in the unvaccinated"

I don't know what point you're trying to make here but if it's what I think it is, you're off base. The same report you quote says: "Comparing case rates among vaccinated and unvaccinated populations should not be used to estimate vaccine effectiveness against COVID-19 infection."

C.

Apple quietly deletes details of derided CSAM scanning tech from its Child Safety page without explanation

diodesign (Written by Reg staff) Silver badge

Spin it up

Well, they didn't comment to us when we asked. I've added an update. No explanation for the quiet disappearance of the text. Classic Apple.

Never explain, never apologize.

C.

CompSci boffins claim they can recreate missing lines in log files

diodesign (Written by Reg staff) Silver badge

Re: Example?

I've added an infographic and a link to a summary of the study by one of the universities. It basically, to me, works by figuring out what data from various sources is needed to create a log's entries, and then automating the process of generating missing entries from that data.

C.

Popular password manager LastPass to be spun out from LogMeIn

diodesign (Written by Reg staff) Silver badge

Re: Log4j version 2.15 vulnerable to CVE-2021-45046

Yeah, we're just about to run an update on it.

C.

Is VPOTUS Bluetooth-phobic or sensible? The answer's pretty clear

diodesign (Written by Reg staff) Silver badge

Nuclear football

I think everyone who reads The Reg knows what the nuclear football is in the context of the vice president of the United States of America. It's been referenced on TV, and in movies, articles, and books.

It's like we don't have to explain what the FBI is. Everyone's seen the X Files.

C.

UK Home Secretary delays Autonomy founder extradition decision to mid-December

diodesign (Written by Reg staff) Silver badge

Re: This is bonkers!

FWIW as explained in the side bar, HPE is suing Lynch in England, at the High Court, and US prosecutors also want him in the States on criminal fraud charges.

He's got a lot on his plate.

C.

Rust dust-up as entire moderation team resigns. Why? They won't really say

diodesign (Written by Reg staff) Silver badge

No one really knows publicly

We also asked on Twitter and no one seemed to know.

C.

Alleged Brit SIM-swapper will kill himself if extradited to US for trial, London court told

diodesign (Written by Reg staff) Silver badge

"My previous comment on this thread was modded"

Yeah we switch on manual moderation for sensitive court cases that make our legal ppl jumpy.

C.

There's no Huawei back now: Biden signs law that forbids US buyers acquiring kit on naughty list

diodesign (Written by Reg staff) Silver badge

"You can't mix Present Perfect with Past Simple in the same clause"

Yeah it's an error that happens when a sentence is partially edited and the rest is left unchanged, accidentally.

It's a process oversight rather than a misunderstanding of the language. Don't forget to hit the corrections link or email corrections@ if you spot something wrong.

C.

Apple is beginning to undo decades of Intel, x86 dominance in PC market

diodesign (Written by Reg staff) Silver badge

Analysts

We'll have to agree to disagree: we've found Dean to be pretty reliable and there's no hype or over-hype to what he's said.

C.

Earth's wobbly companion is probably the result of a lunar impact, reckon space boffins

diodesign (Written by Reg staff) Silver badge

To clarify:

The MOID is 5.2 million km, and for those of us who aren't astronomers, in practical terms, the closest the rock and Earth get is 14.5 million km.

C.

Let us give thanks that this November, Microsoft has given us just 55 security fixes, two of which are for actively exploited flaws

diodesign (Written by Reg staff) Silver badge

Re: And they still haven't fixed network printing

Thanks -- now noted in the piece, and we'll keep it on our radar.

C.

Waterfox: A Firefox fork that could teach Mozilla a lesson

diodesign (Written by Reg staff) Silver badge

Fork

It's a fair point but the terminology everyone recognizes and understands is 'fork'.

What you're saying is that a derivative is a fork that has less development resources than its parent. If that becomes an accepted term, then I can see that being used in stories.

C.

Whenever automakers get their hands on chip supplies, the more expensive vehicles are first in line – NXP

diodesign (Written by Reg staff) Silver badge

Re: "[integrated combustible engine] "

Yeah it's fixed -- don't forget to email corrections@theregister.com (or click the corrections link and fill out the form) next time you see a boo-boo, please.

C.

Forum layout borked "-%]" at top of page and long comment DIVs

diodesign (Written by Reg staff) Silver badge

Re: Forum layout borked

Yeah, should be fixed by now.

C.

Linux kernel 5.15 released with new NTFS driver plus an LTS sticker slapped on it

diodesign (Written by Reg staff) Silver badge

Re: 5.15 is an LTS release

Thanks -- we'll update the article.

C.

Teen bought Google ad for his scam website and made 48 Bitcoins duping UK online shoppers

diodesign (Written by Reg staff) Silver badge

How else would we write it?

Don't be so defensive: if someone raided a bank vault and made off with diamonds and then sold them for $2m in cash, then the article would say the thief made $2m from stolen diamonds.

If someone runs a scam and launders people's online vouchers into Bitcoins, then the article would say just that.

At some point, usually at the top, we have to mention the money and assets involved. In this case, the teen bought BTC using his ill-gotten gains.

C.

Apple arms high-end MacBook Pro notebooks with M1 Pro, M1 Max processors

diodesign (Written by Reg staff) Silver badge

A notch appears

Ah yes, we've now acknowledged that in the piece.

C.

How Windows NTFS finally made it into Linux

diodesign (Written by Reg staff) Silver badge

Whoops

Yeah, the article was eventually fixed up. If you spot anything wrong, please hit that corrections link and let us know in future.

C.

diodesign (Written by Reg staff) Silver badge

Re: Am I missing something?

Sorry about that -- the article's been fixed up. Don't forget to email corrections@theregister.com if you spot something wrong.

C.

diodesign (Written by Reg staff) Silver badge

Errors

Yeah, we fixed up the article. Lessons learned.

C.

IBM US staff must be fully vaccinated by December – or go back to bed without pay

diodesign (Written by Reg staff) Silver badge

"PS This will probably get rejected"

And yet here we are.

Your other comment was rejected for anti-vax disinformation. You said: "the vaccine does not prevent someone acquiring and subsequently transmitting COVID. This is particularly true of the overwhelmingly dominant Delta variant."

Which is disingenuous bollocks. The CDC says:

"Infections with the Delta variant in vaccinated persons potentially have reduced transmissibility than infections in unvaccinated persons, although additional studies are needed."

Not quite the picture you painted. Yeah you can still get the virus and spread it if vaccinated, but the vaccine is not totally powerless in this situation; there are signs it has an effect and we'll know for sure with more science.

On the one hand, we're trying to lightly moderate these forums so people can argue it and figure it all out without us policing individual points. On the other hand, we can't flame Facebook for spreading anti-vax nonsense and then turn a total blind eye to it on our own boards.

C.