Re: Oh El Reg... your kitchy headline backfired...
They're pronouncing their own name wrong.
C.
3493 publicly visible posts • joined 21 Sep 2011
Boffins is a term of endearment - if we don't call scientists boffins, we get complaints.
Chill out.
C.
There is no more detail right now – just a strategic exclusive briefing by Homeland Sec officials with the WSJ.
[ Edit: There's more detail here ]
Presumably the equipment suppliers have access to the utilities' networks so they can provide remote support. That's one way in. The other way is to hack vendors, infect devices, wait for them to be shipped to power plants. Phone home, somehow.
Relevant bits from the Journal:
"The Russian hackers, who worked for a shadowy state-sponsored group previously identified as Dragonfly or Energetic Bear, broke into supposedly secure, 'air-gapped' or isolated networks owned by utilities with relative ease by first penetrating the networks of key vendors who had trusted relationships with the power companies, said officials at the Department of Homeland Security.
"The cyber-attack, which surfaced in the U.S. in the spring of 2016 and continued throughout 2017, exploited relationships that utilities have with vendors who have special access to update software, run diagnostics on equipment and perform other services that are needed to keep millions of pieces of gear in working order.
"The attackers began by using conventional tools—spear-phishing emails and watering-hole attacks, which trick victims into entering their passwords on spoofed websites—to compromise the corporate networks of suppliers, many of whom were smaller companies without big budgets for cybersecurity.
"Once inside the vendor networks, they pivoted to their real focus: the utilities. It was a relatively easy process, in many cases, for them to steal credentials from vendors and gain direct access to utility networks."
C.
"anti-life, anti-peace, anti-human, pro-eternal-war, and pro-destruction of our World"
Mate, we're talking about emails getting leaked from hacked servers. It's funny how some people think US prosecutors should ignore the whole computer intrusion thing in case Russia gets upset and, er, what, nukes the West?
Come on. You're the one bringing up war, almost as if you're terrified of something that will never happen – and if it does, we'll all be too dead to care anyway.
Don't live your life scared. Stand up, call out hackers, look bullies in the eye, and move on.
C.
"they have very little effect on the target country"
Doesn't matter - a hand was, allegedly, caught in the cookie jar. if you're gonna spy and do counter intelligence, then at least do it right.
Also, Clinton's campaign was flawed. Like, really flawed. It's easy to see that. Again, this isn't about candidates. It's about securing the West's systems, and snaring those who seek to cause mischief.
C.
Really, it doesn't matter the size of the economy - Russia has the means to cause mischief globally, and it is.
As it says in the article, whether or not the emails really made people change their minds in the voting booths is up to you. It doesn't matter if the attempt to swing it failed, and that Donald Trump won every vote fair and square.
If you think Americans should sit back and not even prosecute those responsible for infiltrating and attempting to meddle with a presidential campaign, you have my sympathies. I feel sorry for you.
I have a feeling people protesting this indictment are scared it may undermine their choice for the White House. It's cowardice. It shouldn't be about Trump v Hillary. it should be about Kremlin v West.
C.
"Sore losers, grow the f*ck up."
Astonishing levels of whataboutism.
Of course, the USA (and the UK and other nations) have engaged in counter-political operations over the decades.
Right now, Russia's been caught with its hand in the cookie jar, allegedly. People, bafflingly, defending Moscow are the sore losers who need to grow up, I argue.
C.
Did it have to for any action to be taken?
By that logic, there's no such thing as attempted murder, attempted assault, or conspiracy. Anything attempted is fine as long as it doesn't work out. Rob someone at gunpoint? No problem if you leave empty handed.
Er...
C.
The $164m is the 6 months of SUSE revenue to October 31 2017 (up 13% on the year-ago period). For the 12 months to April 2017 (last full annual report), it was $303m (up 21% year on year).
(Don't forget, Microsoft splashed out on GitHub that wasn't particularly profitable.)
C.
The infection vector changes depending on the firmware and model - there is no definitive list, and no concrete details published TTBOMK.
It's not believed the malware exploits any unpatched 0-day bugs - it's going after known vulnerabilities and insecure configurations (such as leaving remote administration enabled, weak passwords, etc).
C.
"It's not clear from the article exactly what's gone wrong"
They've stopped working. You can't use them. You can't ask them to control stuff in your house.
"should still work locally, just without voice control."
Yes, see the sentence at the end of the article about having to use your fingers.
C.
"is kubernetes getting more and more complicated?"
Generally, K8s is seen as a heavy duty solution. For personal or small grade stuff, Docker might be more your thing - I run pretty much everything (toolchains, linux tools, etc) in Docker containers on a personal laptop.
It keeps tools and dependencies separate, and if I screw up one container, the others work fine. This is useful when playing with cross-compilers or tools with particular dependancies.
(I used way BITD to do a lot of Arm cross-compiling on an x86 box, and won't forget the time I overwrote my base GCC installation with 32-bit Arm binaries. Once bitten, etc.)
C.
"The one thing that they did not explain is exactly how TLBs on modern processors tend to be architected"
This tends to be part of the secret sauce in the chips - along with the speculative execution, etc - to increase performance. As the paper notes, exactly how the TLBs work isn't fully documented, and they needed to train a classifier to predict it.
This is common: Intel won't tell you, for example, how it distributes cache slices around its CPU core ring bus on large shared caches.
Also, as the paper states, the TLB design changes from microarch to microarch. So I tried to keep it general :-)
C.
"An airliner autopilot will happily fly straight into a mountain if you tell it to."
IMHO if you manually tell it to do a dangerous thing, it stops being an autopilot at that point. Aircraft autopilot follows routes, with set safe altitudes, and terrain-following radar to avoid collisions.
Tesla's tech shot off into a barrier.
C.
The 28-core Core X-series part that's due out this year is 14nm, and will likely be a de-featured Xeon, and will not run at 5GHz unless massively overclocked.
Given Intel's other SKUs, 28 cores isn't ridiculous - but it smells like a stunt to steal the thunder from Threadripper 2.
C.
'"Privacy Shield and GDPR" I doubt this very much.'
The collapse of Privacy Shield and EU-US data sharing was a direct result of Schrems asking awkward questions about Facebook in light of Snowden's mass surveillance leaks. Also, Google et al started encrypting their data center links. E2E crypto was no longer for tinfoil-hat paranoids. So many things kicked off.
Sure, none of these are Diffe-Hellman Exchange groundbreaking, but you can't stand there and claim there has been no effect.
I think you're just having a grumpy day, and decided to pick a fight online - like a geezer sitting on a deckchair on his lawn, shouting at the kids across the street to quieten down.
C.
"I don't see any improvement anywhere whatsoever. "
The sudden surge of HTTPS Everywhere, and strong end-to-end encryption, as well as Privacy Shield and GDPR, and so on, all passed you by? They were all the result of the Snowden revelations.
They didn't need the leaked files to happen, but the files sure acted like a catalyst.
C.
"Notice that the exploit is a hijacked HYPERVISOR, that's really not an issue."
The whole selling point of SEV is to thwart hijacked hypervisors and evil administrators. It was a selling point AMD pushed for cloud and off-prem platforms. According to this research, it may not live up to the marketing.
AMD made a big deal out of SEV in its Epyc and Ryzen Pro marketing and advertising. It's only right that it is scrutinized, just like Intel's SGX was.
C.
"You *naturally* adopt the same opinions as the rest of the corporate media class."
Well, you're kinda going off road here because this is The Register, and we certainly aren't corporate media. We're fiercely independent still.
I, for one, read PDF manuals of computer architecture. If anything, I should be reading more normal books, no wonder I'm struggling to be articulate recently. I live in a US coastal city, but then again, roughly 47% of Americans live in a county with a coastal shoreline - and 8 in 10 live in a city - so banging on about coastal cities as if it makes you some kind of 1% elite is a bit weird.
Your comment makes me sad, sad to see how warped a view people have of journalists on the whole. As if there is a strange cult or sinister plot to manipulate the masses, when in reality quite a few journalists are incapable of organizing themselves and fail to possess the ability to be managed.
Of course, there are the Murdochs and the Fox Newses and the Daily Mails of the world, and titles on the left can be rather ridiculous, too, but they are not the only outlets available for consumption. There are thousands of writers, editors, producers, directors, and, er, talent, as they call it on telly and radio, who just want to share the truth and shut down lies.
How badly has the media industry fucked up to sow this level of distrust, I do wonder. Have we dropped the ball too many times, or are people looking for something to blame, or a combination of both, or something else. I don't know. I certainly know that journos get things wrong, like all humans, too many titles rely on access (cough, cough, Wired) - I'm not trying to paint us, as an industry, as perfect. Just perhaps not quite as malevolent as some assume.
Above all, I implore you to read Kieren's bulletpoint list. It's a pretty honest description of how normal journos - esp those here - operate.
C.
The point is journos do X, Y, Z, but they don't function as one coherent centrally managed mass. I do not get my daily orders from some overarching media overlord who oversees hundreds of titles.
In the same way that, say, processor chip designers do X, Y, Z, but work for different bosses and companies with different goals and projects and products.
C.
"IT HAD TO BE TURNED OFF"
Disagree. Volvos ship with EB enabled, for humans. Uber could have designed its software to work with Volvo's emergency system, but it didn't. EB was disabled, and the software wasn't good enough to avoid someone crossing the road.
C.