* Posts by diodesign

3495 publicly visible posts • joined 21 Sep 2011

Georgia's voter portal gets a crash course in client versus backend input validation

diodesign (Written by Reg staff) Silver badge

Kinda out of scope

Yeah, I get what you're saying, but then you could argue that every site / app that requires that info to do business has a "huge vulnerability", because that sort of info is stolen and traded all day every day on the dark web.

The scope of this article is the programming of this particular portal, and the way it validates input data, not the pros and cons of using SSNs and ID numbers - just my 2c.

C.

AMD’s latest desktop CPUs feature lower prices yet again as Intel readies a fightback

diodesign (Written by Reg staff) Silver badge

Zen 5

Yeah, don't worry – that's in the linked article about the new architecture that we've been over in detail, including the cache bandwidth and AVX. Folks can see it all there. We try not to repeat ourselves over and over as we're nobody's PR dept.

C.

Faulty instructions in Alibaba's T-Head C910 RISC-V CPUs blow away all security

diodesign (Written by Reg staff) Silver badge

Only on T-Head's CPUs

The instruction is only broken on Alibaba's CPU cores, not the RISC-V ISA. The instruction isn't even defined by the ISA, it's a non-standard variant of a standard one, as I understand it.

The RISC-V oversight body carefully and clearly defines how security should work. T-Head didn't follow the specs and incorrectly designed their implementation of the RISC-V vector extension in their CPU core so that memory addresses were treated as physical ones, not virtual, bypassing security checks regardless of privilege level.

It's a T-Head problem, not an RV one.

C.

Google paying to be default search on phones is totally against antitrust law, judge rules

diodesign (Written by Reg staff) Silver badge

Quote

Yes, as we quoted Google saying:

"This decision recognizes that Google offers the best search engine, but concludes that we shouldn’t be allowed to make it easily available."

Interesting position. See the end of our article.

C.

Kamala Harris's $7M support from LinkedIn founder comes with a request: Fire Lina Khan

diodesign (Written by Reg staff) Silver badge

Re: You should call him a "venture capitalist"

Yeah no worries; done.

C.

How did a CrowdStrike file crash millions of Windows computers? We take a closer look at the code

diodesign (Written by Reg staff) Silver badge

'broken configuration file'

At the time, "config file" was the best description we had. This is an evolving saga. Our latest article (linked) gets closer to the specifics: that the channel files customize how templates of code run to detect particular malicious activity.

The file in this case was poorly formed, and caused its interpreter within Falcon to crash. This was missed in the automated testing.

C.
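The failure mode described in this post, as an added illustration that is not part of the original comment and not CrowdStrike's code: a constructed, length-prefixed record format (hypothetical, not the real channel-file format), a naive parser that trusts the declared lengths and falls over on a truncated header, and a hardened parser that checks every length against the bytes actually present and rejects bad input with one controlled error type. The `fuzz` loop at the end is the kind of negative test the post says was missing. All names, the `CHNL` magic and the sample records are assumptions made up for this example.

```python
"""Constructed example: parsing an untrusted, vendor-pushed data file.

The record format is hypothetical (NOT CrowdStrike's channel-file format):
    4-byte magic, then records of  1-byte type | 2-byte BE length | payload
until end of data.
"""
from __future__ import annotations

import random
import struct

MAGIC = b"CHNL"                  # hypothetical magic, constructed for this example
HEADER = struct.Struct(">BH")    # record type (u8), payload length (u16)
KNOWN_TYPES = {1, 2, 3}          # hypothetical record types the "interpreter" understands

# Constructed sample content: three records of different sizes.
SAMPLE_RECORDS = [(1, b"A" * 8), (2, b"B" * 4), (3, b"C" * 12)]


class MalformedFile(ValueError):
    """The only exception the hardened parser lets escape for bad input."""


def build_file(records: list[tuple[int, bytes]]) -> bytes:
    """Serialize records into the constructed format (used to make test input)."""
    out = bytearray(MAGIC)
    for rtype, payload in records:
        out += HEADER.pack(rtype, len(payload)) + payload
    return bytes(out)


def parse_naive(data: bytes) -> list[tuple[int, bytes]]:
    """Trusts the file. A record truncated inside its header makes struct raise
    an unrelated exception (the 'crash'); an oversized length field is silently
    accepted and yields a short payload for later stages to mis-handle."""
    records, pos = [], len(MAGIC)
    while pos < len(data):
        rtype, length = HEADER.unpack(data[pos:pos + HEADER.size])  # raises on short slice
        pos += HEADER.size
        records.append((rtype, data[pos:pos + length]))
        pos += length
    return records


def parse_strict(data: bytes) -> list[tuple[int, bytes]]:
    """Validates magic, header presence, record type and payload length against
    the remaining bytes before touching them; any problem is a MalformedFile."""
    if len(data) < len(MAGIC) or data[:len(MAGIC)] != MAGIC:
        raise MalformedFile("bad magic")
    records, pos = [], len(MAGIC)
    while pos < len(data):
        remaining = len(data) - pos
        if remaining < HEADER.size:
            raise MalformedFile(f"truncated header at offset {pos}")
        rtype, length = HEADER.unpack_from(data, pos)
        pos += HEADER.size
        if rtype not in KNOWN_TYPES:
            raise MalformedFile(f"unknown record type {rtype} at offset {pos - HEADER.size}")
        if length > len(data) - pos:
            raise MalformedFile(f"length {length} exceeds {len(data) - pos} remaining bytes")
        records.append((rtype, data[pos:pos + length]))
        pos += length
    if not records:
        raise MalformedFile("no records")
    return records


def load_channel_file(data: bytes) -> tuple[list[tuple[int, bytes]] | None, str | None]:
    """What the consumer should call: a bad file becomes (None, reason), never a crash."""
    try:
        return parse_strict(data), None
    except MalformedFile as exc:
        return None, str(exc)


def crashes(parser, data: bytes) -> bool:
    """True if the parser raised anything other than a controlled MalformedFile."""
    try:
        parser(data)
    except MalformedFile:
        return False
    except Exception:
        return True
    return False


def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random corruption: truncate, flip a bit, or inflate the first record's length."""
    buf = bytearray(data)
    choice = rng.randrange(3)
    if choice == 0:
        return bytes(buf[:rng.randrange(len(buf))])
    if choice == 1:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
        return bytes(buf)
    struct.pack_into(">H", buf, len(MAGIC) + 1, 0xFFFF)  # length field of record 1
    return bytes(buf)


def fuzz(parser, data: bytes, iterations: int = 500, seed: int = 1) -> int:
    """Count uncontrolled exceptions from the parser over mutated copies of data."""
    rng = random.Random(seed)
    return sum(crashes(parser, mutate(data, rng)) for _ in range(iterations))


if __name__ == "__main__":
    good = build_file(SAMPLE_RECORDS)
    print("naive crashes:", fuzz(parse_naive, good))
    print("strict crashes:", fuzz(parse_strict, good))
    print("truncated file ->", load_channel_file(good[:5]))
```

The point of the strict parser is not the specific checks but that every length it reads is compared with the bytes it still has before being used, and that its one failure path is a type the caller can catch; the mutation loop then shows that property holding under inputs the happy-path tests never produce.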

CrowdStrike Windows patchpocalypse could take weeks to fix, IT admins fear

diodesign (Written by Reg staff) Silver badge

It's a video

Nah, it's a video/audio discussion by Reg staff. It's partly to show we are smart, normal, nice but sarcastic humans putting this site together, not some bots or humorless suits. You don't have to watch it; it complements our written coverage. Some people like to listen and don't have time to read through pages of text.

Their needs are as important as your needs, as important as everyone else's needs. This is classic 'you can't please all the people all the time'. We're at peace with it.

C.

(BTW YouTube does auto-generate a transcript that replays in real-time, which you could follow on mute, tho it might not be to your liking.)

diodesign (Written by Reg staff) Silver badge

Written word

We got ya covered - see the links. We've written a ton so far. Some people like to hear from us hacks direct. This is that.

C.

Angry admins share the CrowdStrike outage experience

diodesign (Written by Reg staff) Silver badge

Mercedes

Ironic seeing as the Mercedes F1 team is sponsored by CrowdStrike, uses its tech on their Windows boxen, and has been hit by the SNAFU ahead of the Hungarian GP.

C.

Release the hounds! Securing datacenters may soon need sniffer dogs

diodesign (Written by Reg staff) Silver badge

Re: triphenylphosphine oxide

We've clarified that sentence - it's a multi-use chemical that does show up a lot in data storage electronics. Police dogs are trained to sniff out hidden drives of highly illegal content in suspects' homes, for instance.

C.

Craig Wright admits he isn't the inventor of Bitcoin after High Court judgment in UK

diodesign (Written by Reg staff) Silver badge

Re: Ozzie

I don't care what it says in your magic book, we call them Ozzies and Aussies interchangeably.

C.

Iran's MuddyWater phishes Israeli orgs with custom BugSleep backdoor

diodesign (Written by Reg staff) Silver badge

Badges

Bronze and silver badges are awarded automatically once you cross certain posting milestones, and are automatically removed if you drop below those thresholds (and awarded again when you go above). Gold is another thing.

So it was (FYI) probably an automatic thing if you lost a silver, unless someone intervened before my time here.

C.

Evidence for Moon caves emerges as humans hunt for hospitable hideaway under lunar surface

diodesign (Written by Reg staff) Silver badge

Not the mother, the breadcrumbs

If you follow the link, it's about the breadcrumb aspect, not the parenting.

C.

Agile Manifesto co-author blasts failure rates report, talks up 'reimagining' project

diodesign (Written by Reg staff) Silver badge

Why reference

To give those upset by it closure.

C.

Honey, I shrunk the LLM! A beginner's guide to quantization – and testing it

diodesign (Written by Reg staff) Silver badge

Good question

The guardrails can be primitive text filters, at the input and output stage.

But we suspect for big production APIs, there is perhaps an adversarial stage that is trained on classifying bad input / output, and then filtering the input / output stages.

C.

SpaceX's Falcon anomaly could have serious implications for the space industry

diodesign (Written by Reg staff) Silver badge

Fair points

Hi -- those are good observations. The point we wanted to make is that, in our opinion, SpaceX needs to reassure everyone that there isn't a deep-rooted systemic problem that will potentially affect all future launches, and that this is a one-off that can be identified and corrected.

Happy to make that clearer.

C.

CISA broke into a US federal agency, and no one noticed for a full 5 months

diodesign (Written by Reg staff) Silver badge

Re: CVE-nnnn : some systems may be vulnerable to divine intervention

Hi -- oops! That's been fixed. Thanks for letting us know.

C.

'Gay furry hackers' say they've disbanded after raiding Project 2025's Heritage Foundation

diodesign (Written by Reg staff) Silver badge

Er...

If you think any of our coverage of SiegedSec is sympathetic to them, you need to look again but not through a lens of some persecution complex.

There's a reason we call people like them miscreants – and this article and others have covered SiegedSec's previous intrusions. Chill out.

C.

New Outlook set for GA despite missing some key features

diodesign (Written by Reg staff) Silver badge

Corrections

Ah, cool - I just replied to the person who wrote in. Thanks again.

C.

diodesign (Written by Reg staff) Silver badge

Oops!

Yeah, just an accidental production error on our side. Someone hit the wrong button while tweaking the sentence in the edit. It's fixed now.

Drop corrections@ if you spot something like this so we can fix it up right away, please. Cheers,

C.

Xen Project in a pickle as colo provider housing test platform closes

diodesign (Written by Reg staff) Silver badge

'Testing a hypervisor inside another hypervisor'

Yeah, we know, we know. We just forgot to think it through, sadly. Although nested virtualization is a thing, you're right, that's not an accurate test.

Mea culpa. Now that we've read the documentation, we've tweaked the piece to better explain that the testing system involves a pool of bare metal equipment that can't be virtualized and easily migrated. If you spot something wrong like this, don't forget to drop corrections@theregister.com a note and we'll do our best to fix things up.

C.

You had a year to patch this Veeam flaw – and now it's going to hurt some more

diodesign (Written by Reg staff) Silver badge

Re: kind of confused

FWIW the Group-IB report does take a few reads to understand, and we've tried making our summary of it more clear. It does start with the abuse of the Fortinet VPN to gain RDP access to the failover. And then it all falls down.

But to get into the backup servers, the CVE was exploited, and that has credential stores that are useful for other parts of the network. Yes, the network is compromised with or without the CVE exploited. The Veeam bug just seems to make the ransomware deployment easier. AIUI.

C.

VMware license changes mean bare metal can make a comeback through 'devirtualization', says Gartner

diodesign (Written by Reg staff) Silver badge

Link added

It's google-able but we've directly linked to it now.

C.

So much for green Google ... Emissions up 48% since 2019

diodesign (Written by Reg staff) Silver badge

You may have misread

We haven't changed the text - the only mention of efficiencies is specifically this part: "generating more efficient routes for automobiles."

There wasn't any chunk of the story talking about changes in overall efficiency of Google's DC estate.

C.

diodesign (Written by Reg staff) Silver badge

Of course

You're not missing anything. Emissions are going up, making the goal of net zero harder, tho Google reckons the increases will be offset by greater efficiencies driven by AI. As the report states:

"As we further integrate AI into our products, reducing emissions may be challenging due to increasing energy demands from the greater intensity of AI compute"

C.

Despite OS shields up, half of America opts for third-party antivirus – just in case

diodesign (Written by Reg staff) Silver badge

"security code baked in"

Yeah, we found a better way of writing that. It's been tweaked.

C.

Brace for new complications in big tech takedowns after Supreme Court upended regulatory rules

diodesign (Written by Reg staff) Silver badge

Re: It's actually good.

I get that in theory ensuring rules are set by elected lawmakers and adjudicated by judges is a fair thing.

But in practicality, can the court system really handle the load? Can watchdogs really afford to enforce rules if they're just going to be challenged in court every time? Can we expect lawmakers to pass detailed and technically correct legislation all the time? Isn't deferring to scientists and experts a fair thing, too, with parameters set by Congress?

Bear in mind the Supremes got nitrous oxide confused with nitrogen oxides in their separate Ohio v EPA ruling :( Baking those kinds of mistakes into law could have quite disastrous effects.

C.

Microsoft CEO of AI: Your online content is 'freeware' fodder for training models

diodesign (Written by Reg staff) Silver badge

Re: Anyone can copy it, recreate with it, reproduce with it

It's like Microsoft took the "I made this" meme and absorbed it as SOP.

C.

TeamViewer says Russia broke into its corp IT network

diodesign (Written by Reg staff) Silver badge

Re: Heart attack material

On a personal level, some of my extended family use TeamViewer to remote-fix PC problems, saving a multi-hour trip there and back to relatives in person.

I'm sure the Russians aren't interested in my in-laws' emails but still, it's sub-optimal.

C.

Elon Musk to destroy the International Space Station – with NASA's approval, for a fee

diodesign (Written by Reg staff) Silver badge

Re: Language

I dunno if you've noticed around here but we tend to bend the language to breaking point, and we kinda enjoy it. It's fun to test the limits and play with writing. Yes, there are rules to follow. Apostrophes, plurals, commas, and so on.

But you're talking about a publication that writes about bonkers boffins, naughty Norks, and enormo electronics slingers. Masses and deorbit are par for the course.

C.

Apple crippled watchOS to corner heart-tracking market, doctors say

diodesign (Written by Reg staff) Silver badge

Hmmm...

FWIW to clear up any confusion: AliveCor's Apple smartwatch app used the continuous heart-rate data from the Watch to identify potential signs of danger, and would tell the wearer they should take a test with proper ECG equipment to be sure (for the reasons you give).

And AliveCor primarily sold FDA-approved ECG monitoring devices, including an FDA-approved Watch wristband that did just that. So it's not like AliveCor was trying to do full ECG with just the Watch's built-in sensor. Without the continuous feed, it couldn't even properly warn wearers of potential danger, and had to pull its app, hence the antitrust suit, or so it says.

The watchOS changes, as far as AliveCor is concerned, caused the biz to offer less to the market.

C.

FCC wants telcos to carrier unlock cellphones 60 days after activation

diodesign (Written by Reg staff) Silver badge

It might be that simple

As it's 60 days after _activation_. When the phone connects to its cellular network for the first time. Whether carriers would be OK with that is another matter, but right now, it's from activation.

The proposed rule, according to the FCC, is specifically "requiring all mobile wireless service providers to unlock mobile phones 60 days after the device is activated with the provider."

C.

Want to save the planet from AI? Chuck in an FPGA and ditch the matrix

diodesign (Written by Reg staff) Silver badge

Re: French art prior

As others have pointed out, the optimization described in this latest paper does separate it from prior research. I've added a note to the article about it.

C.

Supreme Court won't stop Biden leaning on social media giants to tackle disinfo

diodesign (Written by Reg staff) Silver badge

Re: Misinformation == non state sanctioned propaganda /s

I think you might be being snarky here, but on a serious note - the article does repeatedly and throughout include the caveat that this is misinformation as defined by the US government, which is an important distinction.

C.

Bake an LLM with custom prompts into your app? Sure! Here's how to get started

diodesign (Written by Reg staff) Silver badge

w-ttf

That's so gross, I love it.

(Also out of scope of the article but hey, nice project)

C.

Julian Assange to go free in guilty plea deal with US

diodesign (Written by Reg staff) Silver badge

Embassy

Kinda - to avoid questioning over an allegation he denied - and ultimately he thought that would land him in the States on intelligence-related charges.

C.

NASA ought to pay up after space debris punched a hole in my roof, homeowner says

diodesign (Written by Reg staff) Silver badge

FYI

From the legal team's statement:

"Additionally, the Oteros’ homeowner’s insurance carrier submitted a simultaneous claim for the damages to the property that it had subrogated."

C.

GPU-accelerated VMs on Proxmox, XCP-ng? Here's what you need to know

diodesign (Written by Reg staff) Silver badge

Re: A little shrill

Hi -- glad you enjoyed the piece. Genuinely curious so that we can improve our writing: What did you think was shrill?

C.

Meta warns bit flips, other hardware faults cause AI errors

diodesign (Written by Reg staff) Silver badge

Re: I'm a bit out of touch with the hardware design

Meta's talking about "undetected" hardware faults, so presumably errors that the hardware didn't catch or alert software to.

C.

diodesign (Written by Reg staff) Silver badge

Re: Sounds a lot!

OpenAI's CEO claimed in Feb that his super-lab's models output about 100 billion words per day, which is 1.2M words per second.

Let's say a typical response is on average 500 words. That's 2,400 requests a second. You're looking at about 10 bit flips a second, assuming one output run is one "inference," by Meta's numbers. Does seem a little high, based on that guesswork, tho that's the number quoted.

It's frustrating that Meta has issued a bunch of research on SDCs but presumably the lawyers and PR prevent the release of hard numbers on the number of bit flips its datacenters experience per unit of time. Other than the negative press it might generate ('Facebook gets it wrong X times a minute!!') it also partially reveals how many servers or how much compute resource Meta has, and hyperscalers hate revealing that info.

C.

Car dealer software bigshot CDK pulls systems offline twice amid 'cyber incident'

diodesign (Written by Reg staff) Silver badge

U wot m8

It's a cyber-attack in the US against US dealerships, so yes, we're going to reference June 19th, a public holiday in the US [triv]

Also, we will quote Reddit where relevant: If that's where dealers are discussing things, we'll link to it.

C.

Amtrak confirms crooks are breaking into accounts using creds swiped from other DBs

diodesign (Written by Reg staff) Silver badge

Re: Worlds largest?

Yeah, America's rail network is the largest in the world of its kind. And Amtrak uses it. I've made sure that's clear in the piece.

C.

NTT uses scattered monitors to trick your brain into seeing 3D images

diodesign (Written by Reg staff) Silver badge

Rabbit to dolphin

How that happened falls under a section in the research titled:

You Are Not Expected to Understand This

So we didn't bother.

C.

diodesign (Written by Reg staff) Silver badge

Re: David Hockney

Probably!

C.

diodesign (Written by Reg staff) Silver badge

Almost

I think it's close but NTT's design uses scattered displays (as illustrated) whereas Bob's paper (there's a PDF of it floating around out there) describes an organized array of panels.

C.

Version 256 of systemd boasts '42% less Unix philosophy'

diodesign (Written by Reg staff) Silver badge

Sudo

Hey, we said "some black magic". Key word "some" – and black magic isn't pejorative. That's a nice way of saying it involves some internal bits of the OS that people generally don't go near.

If you know how that all works, great. But just as you're allowed an opinion about sudo, so are we.

C.

Startup Diraq taps GlobalFoundries to forge silicon-based quantum chips

diodesign (Written by Reg staff) Silver badge

"Did he actually say that?"

Yes, that's what he was quoted as saying.

C.

Support, don't micromanage, say researchers who find WFH intensified 'anxiety' in some

diodesign (Written by Reg staff) Silver badge

Re: link to actual report

Brilliant, thanks - we've added that link now.

C.

diodesign (Written by Reg staff) Silver badge

Oops

Yeah, we messed up there. The article has been revised to focus more on reality. Sorry about that; we will try harder next time.

C.

Molten lunar regolith heats up space colonization dreams

diodesign (Written by Reg staff) Silver badge

Re: Details.

Fair question. We've tightened up that sentence, too.

C.