Posts by diodesign 3533 publicly visible posts • joined 21 Sep 2011
The underlying protocol isn't but Microsoft is trying to move people in terms of the app they use. From the official announcement:
"With this general availability launch, users of Remote Desktop clients for Windows, macOS, iOS, iPadOS, and web will transition to Windows App."
C.
It a) declares to the compiler that x is mutable (ie, can be changed; Rust defaults to immutable variables for safety) and b) that x is type 'int'. If you try to use it as something else later, that's a build-time error.
They are both to avoid code being written at one point in time with assumptions in mind, and then at some other time, the code being changed or added to without those assumptions in mind.
C.
Hi -- first things first, this is an article about a Morgan Stanley note. We're reporting that, it's not a conclusion we came to. It's us reporting an observation by market watchers that readers may find interesting.
Second, this isn't about the grid being dirty or not. It's about the increasing power demands of datacenters due to AI, which means datacenters are indirectly causing or taking up more share of CO2 output. That's worth pointing out, in that rather than just saying datacenters are using more power, this is pointing out one consequence of that. If it's all known to you already, great, but MS felt it needed a note and we felt like highlighting it.
This isn't about the climate or pollution or dirty energy. This is about carbon targets, whether those targets can be met if servers are helping emit more and more CO2, and financial / business opportunities for decarbonizing. This is Morgan Stanley after all.
I think you might be overthinking it.
C.
No, not in my experience. The cars will go from passenger to passenger. However, there are cameras on board that use computer vision to watch to make sure you have your seat belt on, have got out of the car, haven't left anything behind.
I would imagine there is some CV involved to inspect the interior after everyone's out. I can't be certain. It's something that occurs to me when I get in one.
C.
Look, we regrettably make some errors from time to time for various reasons, some due to deadline pressures, some due to misunderstandings by us or our sources -- but if you see "a stupid amount" of errors then you might want to consider that we're not the ones who are wrong.
The problem I think you have is that you see "cooling capacity" and you think some kind of quantity, like a mass, is involved. Understandable given the terms. But cooling capacity is specified in watts (the unit of power). It's a rate. Just like the speed of light is given in metres per second, cooling capacity is given in watts, and watts are joules per second.
Think of the 1MW cooling capacity as the rate of refrigeration, the opposite of heating. Your kitchen electric kettle might heat your water at a rate of 1200 J per second (1.2kW). A 1MW CDU takes 1MJ out of the system a second.
HTH. Try to give us some credit, ta.
C.
It's a memory safety failure. The LPD is designed to do the things you've said and expect. But the vulnerability is a use-after-free, so what happens is, someone sends it some specially crafted data that causes the daemon to reuse free'd memory leading to exploitation.
I don't know the specifics but usually what happens is that you trick vulnerable software into freeing some memory, you cause that memory to be reallocated and filled with your attacker-controlled data, then the software uses the memory again in the original context after it was freed. Rather than using its own information, now it's using that attacker-controlled data - and if that data is function pointers (usually is) then now you can direct program control to your own functions you included in the payload. Or similar.
'Friends are always telling me you’re a user. I don’t care what you do to them. Just be good to free().'
From Microsoft's disclosure about the bug: "An unauthenticated attacker could send a specially crafted print task to a shared vulnerable Windows Line Printer Daemon (LPD) service across a network. Successful exploitation could result in remote code execution on the server."
C.
"Intel’s internal testing – utilizing Intel Default Settings - indicates performance impact is within run-to-run variation (eg. 3DMark: Timespy, WebXPRT 4, Cinebench R24, Blender 4.2.0) with a few sub-tests showing moderate impacts (WebXPRT Online Homework; PugetBench GPU Effects Score).
"For gaming workloads tested, performance has also been within run-to-run variation (eg. Cyberpunk 2077, Shadow of the Tomb Raider, Total War: Warhammer III – Mirrors of Madness) with one exception showing slightly more impact (Hitman 3: Dartmoor).
"However, system performance is dependent on configuration and several other factors."
FYI. So, yeah, performance is about the same, except in some cases when it's not.
C.
We're *quoting* what Tim was accused of. We're not saying it - we're quoting what the allegation is. That's why there are quote marks around it. We've linked to what was actually said by Tim for *your* context.
If you don't agree with the allegation, fine. But we're not saying it. The stuff in quotes you're attributing to us for some reason you should attribute to the Python council.
C.
Yeah, if no one untrusted can reach the web interface of the devices, they can't exploit it. If someone malicious is on your network and can reach them, then they can attack.
As for if you should worry about it, I think it comes down to this: If there's an intruder or malicious user in your network, are you going to worry about the phones as a priority or whatever else they could do first? You might find a rogue insider or compromised machine has other goals than screwing with your phones.
I guess a particularly nasty intruder might seek to exfiltrate data or run some malware, and then to hamper your efforts to fix things, attack the phones.
But another point: The attacker would have to craft a buffer overflow exploit, which is fiddly, or just crash them with a more trivial exploit. It depends on how much pain someone wants to cause you.
C.
Yeah, yeah. We know, that's why our article is upfront about it. We were on the fence about the research and decided in the end to cover this because other outlets, including the Washington Post, were writing about this without mentioning the admin aspect at all.
The PR team for the vendor told us, when we asked, that admin rights are needed or you need a priv'd user to intervene. But Microsoft think it's important enough to warrant a fix and there is an EoP aspect to it.
We're not telling you to panic. We're telling you how it is. Give us some credit!
C.
Yeah I get what you're saying but then you could argue that every site / app that requires that info to do business has a "huge vulnerability" because that sort of info is stolen and traded all day every day on the dark web.
The scope of this article is the programming of this particular portal, and the way it validates input data, not the pros and cons of using SSNs and ID numbers - just my 2c.
C.
The instruction is only broken on Alibaba's CPU cores, not the RISC-V ISA. The instruction isn't even defined by the ISA, it's a non-standard variant of a standard one, as I understand it.
The RISC-V oversight body carefully and clearly defines how security should work. T-Head didn't follow the specs and incorrectly designed their implementation of the RISC-V vector extension in their CPU core so that memory addresses were treated as physical ones, not virtual, bypassing security checks regardless of privilege level.
It's a T-Head problem, not an RV one.
C.
At the time config file was the best description we had. This is an evolving saga. Our latest article (linked) gets closer to the specifics, that the channel files customize how templates of code run to detect particular malicious activity.
The file in this case was poorly formed, caused its interpreter within Falcon to crash. This was missed in the automated testing.
C.
Nah it's a video/audio discussion by Reg staff. It's partly to show we are smart, normal, nice but sarcastic humans putting this site together, not some bots or humorless suits. You don't have to watch it; it complements our written coverage. Some people like to listen and don't have time to read through pages of text.
Their needs are as important as your needs, as important everyone else's needs. This is classic 'you can't please all the people all the time'. We're at peace with it.
C.
(BTW YouTube does auto-generate a transcript that replays in real-time, which you could follow on mute, tho it might not be to your liking.)
Bronze and silver badges are awarded automatically once you cross certain posting milestones, and are automatically removed if you drop below those thresholds (and awarded again when go above). Gold is another thing.
So it was (FYI) probably an automatic thing if you lost a silver, unless someone intervened before my time here.
C.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
