* Posts by diodesign

3493 publicly visible posts • joined 21 Sep 2011

♫ Reans can come true. Look at me, babe, I'm with you – Hitachi V

diodesign (Written by Reg staff) Silver badge

Re: Oh El Reg... your kitchy headline backfired...

They're pronouncing their own name wrong.

C.

Sorry, Neil Armstrong. Boffins say you may not have been first life-form to set foot on the Moon

diodesign (Written by Reg staff) Silver badge

Re: "Boffins is an anti-intellectual term"

Boffins is a term of endearment - if we don't call scientists boffins, we get complaints.

Chill out.

C.

No big deal... Kremlin hackers 'jumped air-gapped networks' to pwn US power utilities

diodesign (Written by Reg staff) Silver badge

Re: More detail please

There is no more detail right now – just a strategic exclusive briefing by Homeland Sec officials with the WSJ.

[ Edit: There's more detail here ]

Presumably the equipment suppliers have access to the utilities' networks so they can provide remote support. That's one way in. The other way is to hack vendors, infect devices, wait for them to be shipped to power plants. Phone home, somehow.

Relevant bits from the Journal:

"The Russian hackers, who worked for a shadowy state-sponsored group previously identified as Dragonfly or Energetic Bear, broke into supposedly secure, 'air-gapped' or isolated networks owned by utilities with relative ease by first penetrating the networks of key vendors who had trusted relationships with the power companies, said officials at the Department of Homeland Security.

"The cyber-attack, which surfaced in the U.S. in the spring of 2016 and continued throughout 2017, exploited relationships that utilities have with vendors who have special access to update software, run diagnostics on equipment and perform other services that are needed to keep millions of pieces of gear in working order.

"The attackers began by using conventional tools—spear-phishing emails and watering-hole attacks, which trick victims into entering their passwords on spoofed websites—to compromise the corporate networks of suppliers, many of whom were smaller companies without big budgets for cybersecurity.

"Once inside the vendor networks, they pivoted to their real focus: the utilities. It was a relatively easy process, in many cases, for them to steal credentials from vendors and gain direct access to utility networks."

C.

IT biz embezzlement brouhaha leaves bloke with $456k migraine

diodesign (Written by Reg staff) Silver badge

Re: Doctor Syntax

A_yank_lurker is right – if you enjoin someone from, you prohibit them from doing something. In this case, forbidding them from breaking the law.

C.

I predict a riot: Amazon UK chief foresees 'civil unrest' for no-deal Brexit

diodesign (Written by Reg staff) Silver badge

Re: Voland's right hand

"The comment has been taken out of context"

Er, how? Your summary matches our article and the Times' and the quote – so how exactly was it taken out of context?

C.

diodesign (Written by Reg staff) Silver badge

Re: Vogon

"Just about everyone I know did."

Just about everyone I know didn't - or if they did, are now not sure what they voted for.

One pro-Brexit British chap I bumped into, in Texas of all places, didn't even know the referendum was non-binding and advisory.

(Speaking personally)

C.

diodesign (Written by Reg staff) Silver badge

Re: Vogon

"This is exactly what the majority of voters voted for."

17.5m v 16m is not exactly a majority anyone should be celebrating. I'm thinking of the other C word.

Compromising.

C.

Get rich with Firefox or *(int *)NULL = 0 trying: Automated bug-bounty hunter build touted

diodesign (Written by Reg staff) Silver badge

user-after-free()

Just a typo, mate. Fixed. Email corrections@theregister.com if you spot anything wrong, ta.

C.

Windows Server 2019 tweaked to stop it getting clock-blocked

diodesign (Written by Reg staff) Silver badge

Re: asymmetric networks

Yup – made this clearer in the article. Thanks.

C.

Trump wants to work with Russia on infosec. Security experts: lol no

diodesign (Written by Reg staff) Silver badge

Re: Shaolin Twelve

"anti-life, anti-peace, anti-human, pro-eternal-war, and pro-destruction of our World"

Mate, we're talking about emails getting leaked from hacked servers. It's funny how some people think US prosecutors should ignore the whole computer intrusion thing in case Russia gets upset and, er, what, nukes the West?

Come on. You're the one bringing up war, almost as if you're terrified of something that will never happen – and if it does, we'll all be too dead to care anyway.

Don't live your life scared. Stand up, call out hackers, look bullies in the eye, and move on.

C.

Intel and Micron downgrade 3D Xpoint relationship from friends with benefits to partners

diodesign (Written by Reg staff) Silver badge

Re: Micron

Cool – we'll check it out.

C.

Crooks swipe plutonium, cesium from US govt nuke wranglers' car. And yes, it's still missing

diodesign (Written by Reg staff) Silver badge

Re: I work in the field

If you think this is scare mongering, then I regret being restrained, and not going balls out with

DIRTY BOMB SHELL: NUKE NASTY STOLEN, FILTHY WEAPON FEARS GROW

C.

diodesign (Written by Reg staff) Silver badge

Re: That dirty yard in the neighbourhood

Oh yeah, thanks for the reminder of the Goiânia accident – will add it to the story.

C.

Indictment bombshell: 'Kremlin intel agents' hacked, leaked Hillary's emails same day Trump asked Russia for help

diodesign (Written by Reg staff) Silver badge

Re: Re: anonymous coward

"they have very little effect on the target country"

Doesn't matter - a hand was, allegedly, caught in the cookie jar. if you're gonna spy and do counter intelligence, then at least do it right.

Also, Clinton's campaign was flawed. Like, really flawed. It's easy to see that. Again, this isn't about candidates. It's about securing the West's systems, and snaring those who seek to cause mischief.

C.

diodesign (Written by Reg staff) Silver badge

Re: Voyna i Mor

Really, it doesn't matter the size of the economy - Russia has the means to cause mischief globally, and it is.

As it says in the article, whether or not the emails really made people change their minds in the voting booths is up to you. It doesn't matter if the attempt to swing it failed, and that Donald Trump won every vote fair and square.

If you think Americans should sit back and not even prosecute those responsible for infiltrating and attempting to meddle with a presidential campaign, you have my sympathies. I feel sorry for you.

I have a feeling people protesting this indictment are scared it may undermine their choice for the White House. It's cowardice. It shouldn't be about Trump v Hillary. it should be about Kremlin v West.

C.

diodesign (Written by Reg staff) Silver badge

Re: anonymous coward

"Sore losers, grow the f*ck up."

Astonishing levels of whataboutism.

Of course, the USA (and the UK and other nations) have engaged in counter-political operations over the decades.

Right now, Russia's been caught with its hand in the cookie jar, allegedly. People, bafflingly, defending Moscow are the sore losers who need to grow up, I argue.

C.

diodesign (Written by Reg staff) Silver badge

Re: anonymous coward

> the smaller kids

> Russia

Lol.

C.

diodesign (Written by Reg staff) Silver badge

Re: "Did the Russian intervention actually swing the final outcome ?"

Did it have to for any action to be taken?

By that logic, there's no such thing as attempted murder, attempted assault, or conspiracy. Anything attempted is fine as long as it doesn't work out. Rob someone at gunpoint? No problem if you leave empty handed.

Er...

C.

@Richard C: not sure why no comments but

diodesign (Written by Reg staff) Silver badge

Re: No comments

Embarrassingly, someone accidentally triggered a bug in our publishing system that prevents comments from opening on the Broadcom-CA story. And our chief BOFH is on vacation.

Apologies!

C.

One two three... Go: Long Pig Microsoft avoids cannibalising Surface

diodesign (Written by Reg staff) Silver badge

Re: No

It"s missing a 1 - now fixed. Don't forget to email corrections@theregister.com if you spot anything you think is odd or wrong.

C.

Cops suspect Detroit fuel station was hacked before 10 drivers made off with 2.3k 'free' litres

diodesign (Written by Reg staff) Silver badge

Re: I don't think so

Or, I dunno, jerry cans.

C.

Micro Focus offloads Linux-wrangler SUSE for a cool $2.5bn

diodesign (Written by Reg staff) Silver badge

"the article has no mention of P for profits, instead quoting an R for revenue figure."

SUSE's operating profit for the 6 months to Oct 2017 was $49m, more or less matching the year-before's $50m.

I've added this to the article.

C.

diodesign (Written by Reg staff) Silver badge

Re: Makes no sense

The $164m is the 6 months of SUSE revenue to October 31 2017 (up 13% on the year-ago period). For the 12 months to April 2017 (last full annual report), it was $303m (up 21% year on year).

(Don't forget, Microsoft splashed out on GitHub that wasn't particularly profitable.)

C.

diodesign (Written by Reg staff) Silver badge

The $164m is the 6 months of SUSE revenue to October 31 2017. For the 12 months to April 2017 (last full annual report), it was $303m.

C.

Dr Symantec offers quick and painless checkup for VPNFilter menace on routers

diodesign (Written by Reg staff) Silver badge

Re: VPNFilter menace on routers?

The infection vector changes depending on the firmware and model - there is no definitive list, and no concrete details published TTBOMK.

It's not believed the malware exploits any unpatched 0-day bugs - it's going after known vulnerabilities and insecure configurations (such as leaving remote administration enabled, weak passwords, etc).

C.

Time to dump dual-stack networks and get on the IPv6 train – with LW4o6

diodesign (Written by Reg staff) Silver badge

"Where does the 4 to 6 interchange take place?"

In the home router - thus keeping IPv4 within someone's house and leaving the carrier network IPv6-only.

In the US, cable companies rent out their home gateways. They'll just send out new ones, we guess.

C.

Not OK Google: Massive outage turns smart home kit utterly dumb

diodesign (Written by Reg staff) Silver badge

Re: stussybear

"It's not clear from the article exactly what's gone wrong"

They've stopped working. You can't use them. You can't ask them to control stuff in your house.

"should still work locally, just without voice control."

Yes, see the sentence at the end of the article about having to use your fingers.

C.

K8s awaits due date for latest, greatest slate: Extension versioning will reach beta, mates

diodesign (Written by Reg staff) Silver badge

Re: K8s = too complicated

"is kubernetes getting more and more complicated?"

Generally, K8s is seen as a heavy duty solution. For personal or small grade stuff, Docker might be more your thing - I run pretty much everything (toolchains, linux tools, etc) in Docker containers on a personal laptop.

It keeps tools and dependencies separate, and if I screw up one container, the others work fine. This is useful when playing with cross-compilers or tools with particular dependancies.

(I used way BITD to do a lot of Arm cross-compiling on an x86 box, and won't forget the time I overwrote my base GCC installation with 32-bit Arm binaries. Once bitten, etc.)

C.

Great news, cask beer fans: UK shortage of CO2 menaces fizzy crap taking up tap space

diodesign (Written by Reg staff) Silver badge

Re: Oh two or zero two?

"Any reason why a zero was used in this paragraph?"

Just a typo, mate. Now fixed.

C.

Meet TLBleed: A crypto-key-leaking CPU attack that Intel reckons we shouldn't worry about

diodesign (Written by Reg staff) Silver badge

Re: Core issues

"The one thing that they did not explain is exactly how TLBs on modern processors tend to be architected"

This tends to be part of the secret sauce in the chips - along with the speculative execution, etc - to increase performance. As the paper notes, exactly how the TLBs work isn't fully documented, and they needed to train a classifier to predict it.

This is common: Intel won't tell you, for example, how it distributes cache slices around its CPU core ring bus on large shared caches.

Also, as the paper states, the TLB design changes from microarch to microarch. So I tried to keep it general :-)

C.

WD's Purple reign continues: 12TB helium disks for vid spy tech

diodesign (Written by Reg staff) Silver badge

Re: Is my math dodgy?

MTBF = *mean* time between failure, not minimum or maximum.

Your drive might last 171 years, or 200, or 300, but spare a thought for those that last 3 months or 6 months.

C.

Visa fingers 'very rare' data centre switch glitch for payment meltdown

diodesign (Written by Reg staff) Silver badge

"If it was the backup switch then presumably the primary has already failed unless the backup was firing out packets that interfered with the rest of the network."

It was a backup switch within the primary center that failed to activate due to a component fault in another switch.

C.

User spent 20 minutes trying to move mouse cursor, without success

diodesign (Written by Reg staff) Silver badge

Re: Mouse cursor?

TBH I'm happy with "mouse cursor" to annoy the pedants.

C.

Meet the Frenchman masterminding a Google-free Android

diodesign (Written by Reg staff) Silver badge

Re: What about Replicant?

The article's about eelo and our interview with its key players – we can do another about Replicant... Thanks for the suggestion.

C.

Cisco Talos reveals inner depths of now-patched Windows disk image security flaw

diodesign (Written by Reg staff) Silver badge

Re: Talos Response

Indeed - we apologize for the error. The article has been rewritten.

C.

Intel chip flaw: Math unit may spill crypto secrets from apps to malware

diodesign (Written by Reg staff) Silver badge

Re: Floating point crypto operations?

Intel's AES-NI instructions use FP registers to store AES round keys.

[Source]

C.

Oddly enough, when a Tesla accelerates at a barrier, someone dies: Autopilot report lands

diodesign (Written by Reg staff) Silver badge

Re: OlaM

"An airliner autopilot will happily fly straight into a mountain if you tell it to."

IMHO if you manually tell it to do a dangerous thing, it stops being an autopilot at that point. Aircraft autopilot follows routes, with set safe altitudes, and terrain-following radar to avoid collisions.

Tesla's tech shot off into a barrier.

C.

Monday: Intel touts 28-core desktop CPU. Tuesday: AMD turns Threadripper up to 32

diodesign (Written by Reg staff) Silver badge

Re: This is another 10GHz Pentium 4!

The 28-core Core X-series part that's due out this year is 14nm, and will likely be a de-featured Xeon, and will not run at 5GHz unless massively overclocked.

Given Intel's other SKUs, 28 cores isn't ridiculous - but it smells like a stunt to steal the thunder from Threadripper 2.

C.

All is swell at Dell: Look, first storage share gain since closing EMC deal

diodesign (Written by Reg staff) Silver badge

Numbers

An anonymous HPE staffer wrote:

"Weren't 4Q18 results 21.935Bn so this is actually a QoQ decline? This just looks like an easy YoY compare vs 1Q18."

We compare year on year, typically not quarter to quarter.

C.

Is Microsoft about to git-merge with GitHub? Rumors suggest: Yes

diodesign (Written by Reg staff) Silver badge

Re: richardcox13

As in, will CodePlex be folded into GitHub, or will GitHub become the new CodePlex. Was CodePlex shuttered to make way for GitHub? Those sorts of questions.

C.

Help, I'm being held prisoner in a security camera testing factory. So please read this...

diodesign (Written by Reg staff) Silver badge

Re: Missing vital information

It doesn't appear you can stream RTMP etc, however you can download video from the cameras to your Apple Mac or Windows PC as MPEG-4 media. See:

https://www.youtube.com/watch?v=CNXNzi0vjvM

C.

Half of all Windows 10 users thought: BSOD it, let's get the latest build

diodesign (Written by Reg staff) Silver badge

Re: BSOD no its not, it's a GREEN SOD

"Why do you call it a BSOD when it's a GREEN error screen under Windows 1803"

Same reason the floppy disk stayed as a 'save' icon long after we stopped using floppies – convention and widely recognized shorthand. It'll revise eventually.

C.

GCHQ bod tells privacy advocates: Most of our work is making sure we operate within the law

diodesign (Written by Reg staff) Silver badge

Re: Destroy All Monsters

'"Privacy Shield and GDPR" I doubt this very much.'

The collapse of Privacy Shield and EU-US data sharing was a direct result of Schrems asking awkward questions about Facebook in light of Snowden's mass surveillance leaks. Also, Google et al started encrypting their data center links. E2E crypto was no longer for tinfoil-hat paranoids. So many things kicked off.

Sure, none of these are Diffe-Hellman Exchange groundbreaking, but you can't stand there and claim there has been no effect.

I think you're just having a grumpy day, and decided to pick a fight online - like a geezer sitting on a deckchair on his lawn, shouting at the kids across the street to quieten down.

C.

diodesign (Written by Reg staff) Silver badge

Re: Duh? Wuh?

"I don't see any improvement anywhere whatsoever. "

The sudden surge of HTTPS Everywhere, and strong end-to-end encryption, as well as Privacy Shield and GDPR, and so on, all passed you by? They were all the result of the Snowden revelations.

They didn't need the leaked files to happen, but the files sure acted like a catalyst.

C.

Epyc fail? We can defeat AMD's virtual machine encryption, say boffins

diodesign (Written by Reg staff) Silver badge

Re: None issue

"Notice that the exploit is a hijacked HYPERVISOR, that's really not an issue."

The whole selling point of SEV is to thwart hijacked hypervisors and evil administrators. It was a selling point AMD pushed for cloud and off-prem platforms. According to this research, it may not live up to the marketing.

AMD made a big deal out of SEV in its Epyc and Ryzen Pro marketing and advertising. It's only right that it is scrutinized, just like Intel's SGX was.

C.

As Tesla hits speed bump after speed bump, Elon Musk loses his mind in anti-media rant

diodesign (Written by Reg staff) Silver badge

"So how to differentiate oneself?"

Exclusives tend to do the trick, to be honest. Reporting true and useful information before anyone else, that sort of material gets read and shared a hell of a lot more than SCREAMING DRAMA.

C.

diodesign (Written by Reg staff) Silver badge

Re: anonymous coward

"You *naturally* adopt the same opinions as the rest of the corporate media class."

Well, you're kinda going off road here because this is The Register, and we certainly aren't corporate media. We're fiercely independent still.

I, for one, read PDF manuals of computer architecture. If anything, I should be reading more normal books, no wonder I'm struggling to be articulate recently. I live in a US coastal city, but then again, roughly 47% of Americans live in a county with a coastal shoreline - and 8 in 10 live in a city - so banging on about coastal cities as if it makes you some kind of 1% elite is a bit weird.

Your comment makes me sad, sad to see how warped a view people have of journalists on the whole. As if there is a strange cult or sinister plot to manipulate the masses, when in reality quite a few journalists are incapable of organizing themselves and fail to possess the ability to be managed.

Of course, there are the Murdochs and the Fox Newses and the Daily Mails of the world, and titles on the left can be rather ridiculous, too, but they are not the only outlets available for consumption. There are thousands of writers, editors, producers, directors, and, er, talent, as they call it on telly and radio, who just want to share the truth and shut down lies.

How badly has the media industry fucked up to sow this level of distrust, I do wonder. Have we dropped the ball too many times, or are people looking for something to blame, or a combination of both, or something else. I don't know. I certainly know that journos get things wrong, like all humans, too many titles rely on access (cough, cough, Wired) - I'm not trying to paint us, as an industry, as perfect. Just perhaps not quite as malevolent as some assume.

Above all, I implore you to read Kieren's bulletpoint list. It's a pretty honest description of how normal journos - esp those here - operate.

C.

diodesign (Written by Reg staff) Silver badge

Re: Can't have it both ways, guys.

The point is journos do X, Y, Z, but they don't function as one coherent centrally managed mass. I do not get my daily orders from some overarching media overlord who oversees hundreds of titles.

In the same way that, say, processor chip designers do X, Y, Z, but work for different bosses and companies with different goals and projects and products.

C.

Uber robo-ride's deadly crash: Self-driving car had emergency braking switched off by design

diodesign (Written by Reg staff) Silver badge

Re: "emergency braking switched off by design"

"IT HAD TO BE TURNED OFF"

Disagree. Volvos ship with EB enabled, for humans. Uber could have designed its software to work with Volvo's emergency system, but it didn't. EB was disabled, and the software wasn't good enough to avoid someone crossing the road.

C.

China changes its mind on Bain's Toshiba chip takeover plans

diodesign (Written by Reg staff) Silver badge

Studies have shown that articles are trusted more if there is a picture under the headline. We try to make them as relevant as possible.

C.