Posts by diodesign

"This story sounds a bit odd"

FWIW we're reporting what the auditor said - so if something looks odd, you mean, the auditor's findings are odd.

C.

Re: Errata:

Thanks for the feedback - I've tweaked that sentence.

Don't forget to email corrections@theregister.co.uk if you spot anything wrong. We can't read every comment, but we can read every email to that address. Case in point: if you had emailed us, we could have addressed this hours ago.

C.

Re: $Deity Crap !

Shared ;)

C.

FRAND

The patents are now linked from the article. They don't look standards related.

They look like the usual video-on-demand and video encoding fare. Check 'em out and let us know.

C.

It'll come from the US Treasury, and it's not returned. It's a one-off check.

C.

Re: Why the kick in the nuts...?

Microsoft is a multi-billion-dollar company: it can take the criticism. We're not here to kiss ass, no matter the vendor's good intentions: we're here to scrutinize.

What's the point of offering something for free if it just goes down?

C.

"And what's the point of that snarky comment?"

It's PR trolling by billionaires. It's 0.01% of his net worth. We're just playthings to them in their weird point-scoring battles.

"We join hands with Americans in these difficult times"

C'mon.

C.

Ah thanks, yeah, we've watched back some of the previous WWDC content online in the past. We'll mention that in the article.

C.

Re: Safety?

From the court document:

"At a subsequent meeting on March 15,2018, Pankowski reiterated the statement he made during the earlier meeting that his team could not approve the product because it did not meet safety requirements and doing so would place consumers of the product at a safety risk and expose iRobot to liability."

And:

"iRobot ... refused to provide required safety and labelling information with the products it sold"

Emphasis mine. Hope this helps.

C.

They are not vulnerable, it appears:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796

C.

What kind of ramifications does this have on DRM in general?

Any decryption done using keys secured by the CSME can be broken: so video streaming, anti-copying mechanisms, etc that rely on the EPID/TPM to store and use keys.

DVD and Blu-ray encryption is already cracked.

C.

Re: Only in England the source of the Skripal fantasy would this title fly

Wow. You hear about these sorts of comments on the internet. It's incredible to see one with your own eyes.

We've struck gold

C.

Re: JohnG

Thanks for the feedback - don't forget to email corrections@theregister.co.uk if you spot anything wrong so it can be fixed ASAP

C.

Re: That article title

Commas are for wimps, and multimillionaires.

C.

Pedant

Yeah, dude, the rub is that the researchers thought the bounty included sub-domain security, Microsoft disagrees.

C.

Re: Conversion error?

350ft = 106m, fixed.

Don't forget to email corrections@theregister.co.uk if you spot anything wrong.

C.

"So there is a high number of undiagnosed cases in that region"

Sure, doesn't change the fact that at time of writing, there have been 27 confirmed reported cases in Washington state.

C.

Population density

Sure, I've added a note mentioning that.

C.

Re: Gotta bash with feeling now

If you click through to the original article, it lists Huawei as vulnerable.

HTH

C.

Re: I know...

Speaking in Tech was fabulous, though the decision to part ways with it was taken by El Reg's management some three years ago. A lot has changed since.

Also, this time around we want to focus on end users rather than vendors and suppliers.

C.

"MitM attacks on unencrypted network traffic do happen"

This isn't about that at all, so you're more strawman builder than Satan's attorney.

This is about forcing a nearby device to encrypt data with a key you know (0x00000000), and you can snoop on this data over the air to decrypt it.

C.

Re: El Reg shitty photography

"Why is it that The Reg publish the tiniest grainy photos of products, when a full resolution copy exists?"

Because we sometimes forget to link to the full-res - and forget that you can't click on the main top image to expand it.

FWIW our articles - the content written by journalists - are input and edited as raw HTML in our publishing system, which then sticks stuff like the mast-head, headline, comments link, and so on, automatically when the article is published.

The top image of articles is automatically inserted: we can control the URL of the image, and whether one appears, but it's always non-clickable. If we want to make the main image clickable, we have to manually hide it from the top and embed it lower down in the piece.

In other words: if there's no link to a larger version of an image, someone forgot to put the anchor tag in. If the top image isn't clickable, and should be, someone forgot to move it down into the article.

Drop us an email to corrections@theregister.co.uk if you think we've screwed up so we can fix it immediately.

I've moved the top image down into the article and made it clickable.

C.

They've fixed it, then, it seems. It was throwing certificate errors earlier.

C.

"Most tech rags would not remember what they published last week"

You need to be a black-belt in reoccurring inside jokes to work around here.

It's partly to annoy pedants, and partly a send-up of publications (including El Reg TBF) that accidentally mix up pictures of TV shows, airplanes, battleships, old computers, actors, etc, in headlines and images.

C.

LTS

That's not on the list of affected editions.

C.

Re: Huawei to the danger zone

The Register's tweet for this story was more obscure...

C.

Re: No conflict of interest

Not quite. Rishi Sunak, the new UK chancellor, is the son-in-law of Infosys co-founder Narayana Murthy. Murthy is the father of Sunak's wife.

C.

Whinging

I read an amusing tweet by someone at IBM the other day. So, there's that.

C.

Re: "during what was apparently a check"

I think it was more checking they were operational.

FWIW, ICANN has the ability to override protections and literally drill its way into accessing the KSK HSM but it's rather obvious if that were to happen.

The point being that IANA/ICANN staff can check security systems but there are tamper-proof protections and other layers to prevent actual access outside of a ceremony, unless you brute force your way in, which is, shall we say, detectable.

C.

Re: a digital Fort Knox: impenetrable to only a very few special people.

Yeah yeah, we meant "all but" not "only" - it's fixed. Don't forget to email corrections@theregister.co.uk if you spot something wrong like that, please, so we can fix it ASAP.

C.

Re: Ok...

It's fairly trivial facial recognition - it's the scale and the source of the training data that's causing people to kick off.

Here's how I'd do it. You take 3 billion pairs of images scraped from online profiles and URLs to those profiles. You train a convolutional neural network – or a series of networks – to map images to their source profiles. To make life easier, assign each profile an ID number. Thus a particular face will map to ID 1000, another to ID 1001, and so on.

So when you show it a face, it predicts what the correct profile ID should be. Thus if you show it an image it hasn't seen before, it will try to map it to the closest matching face and its profile ID. You then turn that ID number into a profile. You now have a suggested identity for that input face.

The neural network can output profile ID numbers with a confidence value, so a face could return ID 1001 90% confidence, ID 3000 70% confidence, ID 2000 10% confidence, etc. Just take the highest two or three.

Depending on the training and input data preparation, the training process and the network architecture, it'll be accurate or not very accurate.

As for the scraping: buy a lot of cloud instances and parallelize your curl fetches, crawling webpages, building a graph network.

C.

PS: Cache a copy of the page per URL so that if profiles disappear online, you still have a copy. These pages will contain stuff like names, personal info, links to other profiles owned by the person, etc

Re: 13 Bits

You're over-thinking it. A random number is generated between 0 and 7,999 inclusive, which falls within 13 bits. It's as simple as that.

C.

Better title

Yeah, if it was the default configuration and in the main distros.

If we focus on the bug type, people will complain we're overblowing it. If we focus on the scope people will complain we're downplaying it.

C.

Re: One weeks worth of quarterly income

Between 10 and 11 days of full-year profit, or a week of Q4 profit. Facebook banked $50.7m a day in full-year profit in 2019.

C.

"the Register can do much better than this"

You mean publish opinions you agree with. It's a comment piece, with some reporting. There are plenty of other stories to read if you don't like or agree with this one.

C.

Re: Pittsburgh, Philadelphia?

Yes, Pennsylvania, not Philadelphia. That's a bad oops.

It's been fixed. Don't forget to email corrections@theregister.co.uk if you spot anything wrong.

C.

"how unreasonably low a target uptime of 75%"

1. We like to think it's obvious to Reg readers that 75% (it's actually 77) is low. Didn't seem worth making too much hay about it.

2. Kieren wrote 3 great articles on Tuesday, and we at the back edited a load more. We're always pushed for time, there are always improvements and extra work that can be done, and we have to ship a product at some point. Sometimes you have to call it and run it, and move onto the next thing that needs covering.

C.

Re: Clickbait!

Cache flow, ca... *taps mic* is this thing on?

C.

"I just pity the jury"

There is no jury (unless I've missed a major development): it's a judge-only hearing

C.

"Guys is now an all inclusive term"

It's kinda leaning towards being just blokes rather than inclusive these days.

I thought it was gender inclusive, too, but then someone pointed out: ask a straight male friend how many guys they've dated, and witness the inclusion in action.

C.

Spectre-Meltdown-L1FT-Zombieload-et-al

I've heard rumblings that a chunk of the data center sales are or were due to banks and cloud builders replacing processors with those with mitigations built in.

But it's mainly Intel auctioning off chips to hyperscalers ordering 1m parts a year, I reckon.

C.

"I cannot find it easily"

The original complaint is way out of date - the legal battle has changed over the many years it's been running. Various claims have changed, or been thrown out.

I recommend reading the latest appeals court ruling: https://regmedia.co.uk/2018/03/29/oracle_v_google_opinion.pdf

The original is here: https://regmedia.co.uk/2010/08/13/oracle_complaint_against_google.pdf

C.

Re: ... at the current price

Yeah, I've tweaked that sentence.

C.

"The Rust standard library isn't available on bare metal?"

For bare metal, you can use what's called the core library, and a few others, that provide primitives and basic structures. There's no IO nor heap allocator: you have to implement that yourself.

If you pull in a third-party library that expects to use std library primitives, you're out of luck in a core-only environment. It's not the end of the world: not all libraries require std. Ones labeled nostd will work with core.

std expects there to be an OS underneath providing stuff like heap allocation and IO. With bare metal, there is no OS. You are the OS. Core doesn't require an OS. Core expects you to provide things like the heap allocator.

So, with core, you're not totally on your own, you get some support, you just can't use dependencies that require std, and you have to provide stuff like memory management.

Compare std: https://doc.rust-lang.org/std/

to core: https://doc.rust-lang.org/core/

Core gives you a lot, along with common data structures in the alloc library, but not all of std.

C.

Remote access

There is that, but this is in the context of physically seized devices.

C.

Hair splitting

Yeah, all right, but you get the gist of what we meant. It's in the context of releasing, aka distributing, software. I've taken that sentence out so people can't misread it.

C.