* Posts by Justthefacts

596 posts • joined 22 May 2014


Software-defined silicon is coming for telecom kit later this year

Justthefacts Silver badge

Popcorn?

I’m sad. I was hoping for some tantrums of internally conflicted freetards.

#1 “See, it’s got RISCV! Told you they would destroy ARM, so cool, when can I buy this chip so I can put Cyanogenmod on it” [yes, I do know. But fanboiz]

#2 “company is charging for software features…that should come free with the hardware….after all, they’ve already written it, so why can’t I haz it?”

But we’ve only heard #2. Come on fanboiz, where’s the RISCV army to assert that possession of an open-source instruction set makes them Not Evil and Winnerz? I have a bowl of popcorn, and I’m hungry.

Spain, Austria not convinced location data is personal information

Justthefacts Silver badge

Re: Start to publish politicians, judges and other "VIP" location data...

So, if you’re the husband of a traditional Austrian household, who pays all bills including the phone bill, you are demanding the right to receive the full location track of your wife’s phone in electronic form so you can put it into a spreadsheet and see where she’s been?

Hello Mr Fritzl.

US must adopt USB-C charging standard like EU, senators urge

Justthefacts Silver badge

Re: De-duplication?

Ah, downvoters…..I’ll just leave this link here.

https://hackerwarehouse.com/product/usb-ninja-cable/

Justthefacts Silver badge

Re: De-duplication?

To give an idea of just how bonkers USB-C has become, in its design-by-committee-every-stakeholder-must-be-appeased, here are some functions now included in your *wall-wart*:

#1 Firmware Update. That’s right, your electric plug now gets firmware updates. Which means that wall-wart malware is now a thing. Turn your Office Nemesis electric plug into an untraceable device-specific-zapper they’ll never suspect. Months of schadenfreude fun.

#2 Talking about malware…..you know how you shouldn’t plug untrusted USB devices into your laptop? Well, congratulations, now *every charging point is an untrusted USB host*! Hurrah! You too can recharge your laptop in the coffee-shop helpfully-configured as a USB-C socket, and get pwned.

#3 Authentication hashing. Yes indeed. Your home electric plug now needs to be able to compute crypto hashes to power a toothbrush. Sigh. Digicert 128bit, if you’re interested.

#4 Are you a National Security Agency who wants the ability to insert functionality into *the electric plug* to either - a) trace every single device in your country, since it has to be charged at a plug quite regularly, or b) Something even More Evil?

“The Country Specific Data field Shall contain content defined by and formatted in a manner determined by an official agency of the country indicated in the Country Code field.”

#5 Have you ever thought to yourself - my laptop is nearly run out of charge for a client presentation, but my electric toothbrush and vibrator both still have charge, so why can’t I plug both of those into the laptop to back power it at the instant it runs out, seamlessly, using the power of both simultaneously? You have? You’re in luck! USB-C has a *specific* and highly complex bus protocol designed just for you!

It’s an electric plug. FFS.

Justthefacts Silver badge

Re: De-duplication?

No, that’s exactly the point. You *can’t* use your hair-straightener USB-C charger for your smartphone. Or rather: you can plug it in, and it will charge, but really slowly, probably not efficiently, and quite likely long-term killing your battery life. And none of this is marked in any way on the charger. The consumer is clueless about what they are signed up to.

The USB-C spec is *so complicated* (over 800 pages), that not even the manufacturers of your hair-straightener charger would have an earthly clue of the difference. But it’s there, and it’s massive. The charger can (and if proprietary designed, does) take into account *everything* in the unique characteristics of the target battery.

The USB-C charger can read the battery chemistry, temperature, country of manufacture, manufacturer ID of target device. It’s expected to *download from the internet* a firmware device driver of the optimum charging profile, if it doesn’t have it. Yes, really. Because the spec was designed to be either full proprietary shipped with the device, or on a laptop port charging your device.

The USB-C spec is insane. And it’s nothing like the “universal non-proprietary wall wart” that you think you’ve been sold.

https://www.usb.org/document-library/usb-power-delivery

France levels up local video game slang with list of French terms to replace foreign words

Justthefacts Silver badge
Happy

Re: "French guy here"

We……assassinate them

Taiwan claims ‘breakthrough’ in EU semiconductor cooperation talks

Justthefacts Silver badge

Not sure how the Reuters source article justifies the headline “breakthrough”

The source is Reuters who say: “Taiwan tells EU it will continue to be 'trusted' chip partner”

I do wonder if this is a communication difference between the way the Taiwanese meant it, the English would read it, and a European reads it. Because to me, that reads very similar to “The manager continues to have the full support of the board”. Why would the EU *not* be a trusted partner? Partner in what? Taiwan certainly aren’t promising *more* than EU has got today, and the implication is that *less* is certainly at least a possibility.

Also “Taiwan has "tried its best" to help the EU and other partners resolve a global shortage of chips.”. This to me sounds like an explosion of immense frustration. They tried their best to help you, and everything is still all messed up….so the implication is that the EU is not helping itself.

And finally the breakthrough isn’t some future deal, but rather “[Taiwan] noted that previous Taiwan-EU meetings were at the deputy level, and this one had been raised to ministerial level, calling it a major breakthrough in Taiwan-EU relations.”. Which again I would hear as a note of intense frustration that the EU had previously not been prepared to allocate even the bare minimum of politeness in relations, and a hope that maybe this minister will do better than the previous rudeness and unhelpfulness.

Take a step back, and look at the situation as it must appear to the Taiwanese. European industry has been on its knees for nearly a year due to semiconductor supply chain. And it couldn’t even find more than a *deputy* to take Taiwan’s call until yesterday? What complete insanity is this? It’s the 21st century. The *day* that supply chain started being problematic, the minister should have been on Zoom to their opposite number in Taiwan to see how they could work together on this. Did the minister have anything more important to do….for a *year*? WTAF.

And then we have mini-bombshells like “They also discussed improving market access for EU agricultural products and the investment environment for EU business in offshore wind power.” Which translates as: the EU have been using tariffs to prevent Taiwanese chips being imported to Europe, and as a quid pro quo for reducing them want the Taiwanese to buy more EU agricultural products & wind turbines. WTAF. Are companies like Volkswagen aware that the main reason they might not even *have* a business in five years, because they can’t actually make any cars they are trying to sell without those chips, is that the EU have been busy playing pissing up the wall games with Taiwan? Well, they are now….OMFG has the shit hit the fan.

Researchers claim quantum device performs 9,000-year calculation in microseconds

Justthefacts Silver badge

Cynical but accurate

However, there is a significant point. The computational complexity folks have a strong record of being able to recast one type of problem as another. SAT problems etc. That’s where the whole NP Complete thing comes from: any problem in that complexity class can be numerically recast as anything else in that class, with only polynomial-time additional complexity.

As I understand, nobody has *yet* been able to connect Gaussian boson sampling to more interesting algorithms. That’s a separate problem. Probably that will be solved by high-power mathematicians in years rather than decades. Once that has been done, there will be a polynomial-time “trick” to convert your more interesting but exponentially hard problem to one stated as GBS, solve that on this quantum computer, and then convert the result back.

It’s a bit like Fourier transforms O(N^2) seem only useful for some quite particular physics problems, but then once FFTs O(NlogN) were invented, *so many* unrelated bits of computation started using them.

So that’s really the point of all this quantum stuff.

Dutch public sector gets green light to use Google Workspace

Justthefacts Silver badge

Re: Uncle Sam

Oh and “Hint: where was Schrems II adjudicated?”

I wasn’t asking you to parrot the excuse given as to why the supra-national body took the decision, rather than the national one. I’m simply pointing out that in any case where there is real doubt or political decision to be taken, the decision *is* taken by the supra-national body.

National body is basically the bored night-sergeant at the front desk checking in the drunks on Friday night. It’s not that his superior overrules him, it’s that a decent rank-and-file knows when to call his boss in.

Justthefacts Silver badge

Re: Uncle Sam

Indeed by definition MPs shouldn’t intervene in an investigation run by an independent agency. Where you and I differ, is whether such an *independent* agency should exist in the first place. And this is nothing to do with Data Protection.

The way we (always have) done things in the UK is that we have a democratically elected Parliament, who can make what laws they damn well please until removed from power by the electorate. The Civil Service have traditionally no independence at all. By design, because we deeply distrust and despise non-elected people with such authority, and with good reason because all such states ruled by “experts” have proven to be quite savage dictatorships within a very short space of time. Plus we have an *independent judiciary*. That is our separation of powers. There is simply no such thing as a non-elected entity with rulemaking authority that is not the judiciary. That’s how we do it. If you don’t like it, then frankly go f* off to a Napoleonic code country where they choose to do things differently, and also BTW have politically appointed judiciary.

In the past two decades there has unfortunately been a creeping “independent quango” cancer in the UK affecting many areas. Deeply dangerous. Not imposed by the EU, but also not entirely unrelated to the mindset with Tony Blair and his cronies.

So, no, I don’t think MPs should “intervene”, because I think these issues should simply be decided by elected representatives in Parliamentary Committee. The way our unwritten Constitution has always done it.

Justthefacts Silver badge

Re: Uncle Sam

Some are, some aren’t. In Germany, it does *not* report to Parliament. It’s an “independent federal agency”. The Commissioner is appointed by Parliament, and gets its budget from national, but is “under no external supervision”. Once appointed, Parliament can’t remove or censure. It’s a judicial system, not a civil service department. You can argue whether that’s good or bad, but they *don’t* report to Parliament, neither can they be dismissed nor censured in any way.

https://en.m.wikipedia.org/wiki/Federal_Commissioner_for_Data_Protection_and_Freedom_of_Information

“Intervenes in a case….they’re not supposed to”. Yes, you do agree with me. So what happens when people do what “they’re not supposed to”? They get prosecuted for breaking the law. My original statement and point was: this isn’t the *Dutch government’s fault*. As an MP they can’t just randomly decide “we shouldn’t do X because it contravenes GDPR”, if an independent body has explicitly said “no it does not contravene GDPR”. They would be doing exactly what you said they are not supposed to. They would be contradicting a judicial system. The system has cut the legs out from under them.

“They apply national law”. No, that’s not correct. It’s so much more complicated than your list. That’s one of the problems. They now have to account for what is done cross-border, and also apply other countries’ laws inside their own borders. It’s madness.

https://techcrunch.com/2022/04/28/cjeu-gdpr-consumer-litigation/

But anyway, by the end of this year all the GDPR is being changed to remove the derogations, and national entities won’t

National courts do *not* have primacy. Not only the national court can apply to the ECJ, but also the losing party to any case, which happens almost every major case. ECJ has heard well over 100 cases. There have only *been* 1400 cases. 10% of all cases go to ECJ. So whatever you think in theory, the practice is different. Hint: where was Schrems II adjudicated?

Justthefacts Silver badge

Re: Uncle Sam

Which bit do you disagree with?

That the National Data Protection agency is a quango, not under governmental control?

What happens, in your view, if an MP supervenes?

What law do *you* think they apply?

Which court do you think has primacy?

Unless Sneerclub writes its position down, it’s difficult for me to provide a link explaining why what you think you’ve been told doesn’t match the legal reality.

Justthefacts Silver badge

Re: Uncle Sam

In this specific thing, that statement was exactly correct. As *you* know no doubt too.

While it is correct that the enforcement is derogated to “National Data Protection authorities”, these are *appointees*. They are specifically designed by law to be independent of national government. And the only law they answer to is EU law. The ultimate arbiter is the ECJ.

An MP who attempted to interfere with that process, even if they ran on a public platform and had 100% approval to do so, can and *would* be extradited to stand criminal trial.

You really have no idea what you are supporting, do you?

Justthefacts Silver badge

Re: Uncle Sam

Well, it’s hardly their fault, is it? The rules on privacy and tech giants etc are set by the EU Commission. National governments have no more power in this than a bunch of blokes chatting down the pub. As long as the Commission decide their rules are adhered to, intervention by governments would be not just illegal, but actually a *criminal* matter against the Dutch MPs involved. Sedition isn’t just a fancy word. Ask Carlos Puigdemont.

World’s smallest violin.

You supported this system when they handed down decisions you approved of. You can hardly complain when the decisions go the other way.

Foxconn factory fiasco could leave Wisconsinites on the hook for $300m

Justthefacts Silver badge

What would Chavez do?

When considering whether to confiscate foreign-owned assets, to cover the consequences of my own ill-judged internal policy, I always think to myself:

What would Chavez do?

About half of popular websites tested found vulnerable to account pre-hijacking

Justthefacts Silver badge

Re: The problem is convenience

Well, yes, I do sort of agree. I handle that a bit differently by having different root passwords for different categories of stuff. Throwaway (assume that these *will* be compromised, but all they know about me is my email address), Low Security, Medium Security, Critical, Financial1, Financial2

Low security doesn’t have card details. Medium has card details. Critical and Financial must have 2FA.

And when I had an employer, that was different too.

Justthefacts Silver badge

Password managers

*All* of those clever password managers are effectively Single Sign On. Doesn’t matter whether it’s something open source like BitWarden. Or explicit but from a hated megacorp, like using Chrome to generate and store your passwords in-browser. Or distributed to an online website, like Facebook login.

At core, it’s all the same security issue. You can’t *reliably* store N different keys in your brain. Therefore you have to put all the keys in one cupboard and lock them with one master key. If that master key gets compromised, you’re screwed.

Justthefacts Silver badge
Unhappy

Re: The problem is convenience

Yes, but how does that help from getting bypassed by password recovery? Most websites allow you to recover simply from your email, in which case email account becomes the Single Point Security Failure. If the email is 24 characters, presumably that’s either password manager (just moved the issue left one link), or you use CorrectHorseBatteryStaple, in which case the problem is that hackers read xkcd too, and that’s only 56 bits of entropy really.

I’m not criticising, rather I think that there’s just no good way to be secure with passwords only, should be 2FA.

RISC-V needs more than an open architecture to compete

Justthefacts Silver badge
Stop

Re: The biggest catalyst for the adoption of RISC-V...

Andes have *not* shipped ten billion RISCV cores. You need to read more carefully what they say on their own website:

“cumulative shipments have surpassed 10 billion” ok……and read more carefully lower down:

“What’s more remarkable is that while 1% of Andes-embedded SoCs shipped are based on RISC-V, 99% are contributed by Andes processors of the third-generation architecture (V3) over the years”.

So, they’ve shipped 1% of 10 billion = 0.1 billion

http://www.andestech.com/en/2022/03/08/andes-technology-announces-over-10-billion-cumulative-shipments-of-andes-embedded-socs-and-records-all-time-high-annual-and-monthly-revenue-in-2021/

I’ve tunnelled into the 2 billion quoted by SiFive too. If you go closer, you’ll discover that isn’t cores *shipped*. In fact, SiFive has no means to even know how many cores have been produced. Almost all of these are *licenses* at bulk rates, not royalties. It costs about $300k to $600k to *license* a core from them to ship an infinite number. The only purpose of the “cores shipped” statement is for them to take it to their lenders and investors and say “see, we have a business”.

This is a company whose *total revenue* is in the low single digits millions.

The amount of silicon they themselves ship is not precisely known, but never in commercial volume. They’ve been unable to supply, probably because they’ve hit yield problems, which is why they’ve shifted over to partner with Intel for production on Horse Creek.

Justthefacts Silver badge

Re: still not getting it

I’m not so familiar with the laptop market. But in smartphones, Apple also have 15% market share. However, they make *50%* of all the profit. At the other end, the “bottom” 50% of the smartphone volume market….make *5%* of total smartphone profit.

And worse still, if you look at the bottom 25% of smartphone volume….they are operating at *net loss*. That’s net loss, despite the fact they have zero R&D. It’s not even remotely sustainable for a Western company, and not intended to be. That’s China subsidising its local market. Capitalism doesn’t have to work the way you like.

If you *want* the EU to be in the same position sponsoring all its manufacturers to make net losses on RISCV, go right ahead.

Justthefacts Silver badge

Re: The biggest catalyst for the adoption of RISC-V...

Are you under the impression that 2.5 billion cores shipped (over a four year period) is a big number?

See, this is your problem. ARM has shipped 200 billion cores. For all the trumpeting, RISCV has shipped *1%* of ARM. ARM ships about 2 billion cores per *month*. And ARM are by no means the only player at the low end. A quick Google finds - about 25 billion PIC controllers, for example. And most engineers can name another dozen MCUs that *each* shipped 25 billion cores.

2.5 billion RISCV cores, over a multi year period, doesn’t put it in the top ten, I’m afraid. And likely never will.

Justthefacts Silver badge

Re: still not getting it

There’s engineering opportunities all the way up the capability stack, but I agree the majority of the revenue comes from the broad base. If that’s “most important”, so be it.

But where on Earth are you getting “RISC-V offers a price advantage and an extremely competitive performance and power efficiency.”? That’s demonstrably and factually opposite to the truth on all three counts. Why are you saying these things? Name *one* RISCV chip that wins against its specific competition at that market point. One.

“If you need some sort of special fixed silicon integrated”. Like what. *Exactly*? This is *incredibly* rare. At each level of the embedded market, there’s already a solution that does essentially what you need, and very efficiently. If you just want a control logic, there’s MCUs that are cheap, efficient, and the software will wiggle the pins appropriately.

There just *isn’t* a use-case for that much specialist silicon, where you want to tightly integrate it into the CPU. Because if you have a special application that needs to, say, exponentiate the Wronskian of a 14-dimensional matrix of quaternions very efficiently, guess what you do? Same as we’ve been doing for twenty years. Code up a silicon accelerator IP block in Verilog, hang it off the memory bus, and for extra credit bodge on an RDMA so it doesn’t tie up the CPU to load the data. Leave the CPU alone. The rationale for integrating it as an *instruction* into the CPU is incredibly weak.

Justthefacts Silver badge

Re: Plenty of reasons to choose RISC-V

If your design or use is affected by ITAR…..then your *first* hurdle is the ITAR status of the FPGA hardware. Almost all the FPGA manufacturers are US: Xilinx, Altera, as was. Selecting a particular IP core as being non-US, and slapping it down on a US part is just such nonsense.

Of course, if you are implementing on that EU BRAVE shit, you are so far lost from real engineering that it is no longer worth discussing.

Justthefacts Silver badge

Re: Embedded FPGAs

Why?

Given that most of the FPGAs of the size that you’d want a CPU core on, ship already with a hard ARM core on, for free. You either use it, or it sits idle. And it runs at 3x clock speed a soft core will.

Or, you buy a cheap teensy little FPGA that doesn’t have a hard embedded CPU on it, and just use any of the over a dozen free CPU soft IPs that you’ve been able to download for over twenty years now. Microblaze, openMIPS et al.

I know bad engineers tend to put this shizz onto their designs to pad their CVs out with buzzword bingo, but honestly it’s not doing you any favours.

Mysterious firm seeks to buy majority stake in Arm China

Justthefacts Silver badge

Re: Chinese communist party

To be fair, in Germany, “workers representatives” have automatic 1/3 or 1/2 representation on the “supervisory board”, which in turn has the power to dismiss the management board in part or whole.

And most very large French companies have a “Golden Share” owned by the Elysee Palace.

Other countries don’t have to do things the same way as your own. That’s pretty much the definition of a country.

Will this be one of the world's first RISC-V laptops?

Justthefacts Silver badge

Re: Some serious questions.

ARM doesn’t allow you to remove instructions, but they do allow you to add your own:

https://www.arm.com/technologies/custom-instructions

It’s not widely taken up commercially, because *it’s not actually a very good idea*. As ARM explain in their white paper, making a co-processor is a perfectly good alternative in most cases.

The main benefit of having custom instructions is having very low latency 1-3 clock cycles, which probably has its uses, but very, very rare. Almost always when you want to optimise something, you are looking at something in a tight loop, which means operating on a body of data. Then it’s not only more efficient to do it full-custom silicon copro rather than faffing with CPU registers, and hogging CPU data bus bandwidth. But it also avoids reverifying and re-place and routing the CPU core (significant cost and risk).

I’m not saying it’s *never* useful. But I have worked on half a dozen programs where this has come up, and in the end after careful tradeoff, the answer has *always* been a copro. I’d be interested to hear from anyone where the correct answer has genuinely been to add a special instruction - not an R&D project, but one which released a chip that was commercially successful.

Justthefacts Silver badge

Re: Some serious questions.

“Wild” is changing CPU family, just because of differences in how some module manufacturers hook up the pin out on the module.

“Intel for some reason”….but we all know what the reason is. A small niche of customers apparently care, and there is a solution for them, at the module level. If it were a larger niche, Intel would make a separate CPU without ME. But that would increase costs, to support more SKUs, and they assess that having the module manufacturer solve their problem is just fine. This isn’t really that complicated.

It’s just nonsensical to say “[RISCV] is a CPU architecture that doesn’t have this feature”, because the feature isn’t part of a CPU core architecture at all. And even if it were, RISCV is an ISA, not an architecture. What I think you are confused about, is that you really mean “Intel has chosen to implement this feature [on x86 chips], whereas the companies that would like to manufacture RISCV chips if they could make it commercially viable, currently have no plans to implement the feature”.

If you think the chip that Esperanto or SiFive make is so great, buy it! Oh look, *they aren’t selling them as a volume proposition*. Look what happened to SiFive:

https://www.sifive.com/boards/hifive-unmatched

Take a step back. Really?

NOTE: Due to incredible customer demand, we quickly sold out of our production run of HiFive Unmatched boards; with COVID-related supply chain issues, we have decided to focus on the upcoming, more powerful development system based on the Horse Creek SoC and platform co-developed with Intel rather than trying to restart HiFive Unmatched production.

So….they sold “a lot” whatever that is. But couldn’t make it at the price they needed to sell it, and had no industrial muscle. I bet *I* can sell lots of ten pound notes at five pounds each. It’s not hard.

And at a time when every other semiconductor company was making out like bandits….they decided *not* to attempt to sell stuff; and partner up with Intel instead. That’s Evil Intel to you.

Do you think this Horse Creek SoC will have an ME on it? Bet it does.

Justthefacts Silver badge

Re: Some serious questions.

“Ah, you’ve picked the wrong implementation”….

Your problem as the manufacturing buyer of the chip for an electronic end product, let alone the end consumer, is knowing whether such guidelines have been adhered to.

Currently, you know your chip has an ARM Cortex on it. That’s really all you need to know. It’s a brand, and tells you how much real engineering stands behind it.

But *by definition* if open source becomes a thing, brand defining security reputation disappears. You tell me that Esperanto is good. I have no idea. That presentation certainly doesn’t fill me with confidence, it’s very surface schmooze, he obviously doesn’t understand the deeper issues. But if Esperanto becomes the new ARM…..then that’s all it’s done. A new proprietary leader.

Please tell me that the open source world understands Spectre deeper than that Esperanto guy. Otherwise we are in for a world of pain.

Justthefacts Silver badge

Re: Some serious questions.

I’m not debating the threat model. All you’re doing is saying “Intel made a bad security decision, and I don’t like it”. But people who agree with you, apparently are provided in the market anyway. ME-disabled modules exist.

This is *not* a silicon issue. It’s just *wild* to jump and want to leave the x86 ecosystem entirely.

Plus, it doesn’t address the problem *at all*. Let’s say it succeeds and RISCV becomes widely available. Many RISCV manufacturers are bound to put remote management cores on their silicon too. The EU has proposals to *legally require* them to, to enforce a secure networking enclave around the whole of Europe, but that’s another matter. Now you are faced with several different RISCV implementations; if you pick the one that happens not to have put a remote management core on, their *core* RISCV is still proprietary implementation. It will have its own CVEs. Just like Spectre has been mitigated for Intel silicon, every single distinct RISCV implementation needs its own security analysis and individually specified set of CVE workarounds. So what have you gained?

Justthefacts Silver badge

Re: Some serious questions.

The other thing that is important to consider about RISCV security: Unlike Intel or ARM, there is simply no canonical RISCV implementation that we can have confidence about vulnerabilities, nor even a definitive set of such. This will not be like “Pentium has a floating point bug”. It will be “some significant proportion of the world’s CPUs are vulnerable, but we don’t know in which products and can’t check”. Think Log4j, but *in hardware*.

So, for example, in 2018 people were worried about Spectre/Meltdown, asked about RISCV, and SiFive categorically said “well, we are not affected…..[because we don’t use out-of-order speculative execution]”.

Spin forward to 2022, where there are lots of out-of-order RISCV implementations. So I took a quick squizz at the top hit on GitHub. This one:

https://github.com/rsd-devel/rsd

What I can tell you from inspecting the Verilog is that this specific implementation as of today *is definitely vulnerable to Spectre*. There don’t appear to be any bug reports, so I don’t think anyone has even thought about it. It’s touted as being “very fast, low footprint, works on FPGA”, so probably the authors weren’t that interested or skilled in security. No, I don’t have any interest at all in “responsible notification” or helping fix their code or any of that shizz. Nor in finding out how many other RISCVs are vulnerable, or which ones we should care about, nor going down the classic excuses of “works on my machine”, “fixed in tomorrow’s version” or “Yeah that microphone driver never worked on Pop, try Mint instead”.

Justthefacts Silver badge

Re: Some serious questions.

Sorry, you’ve totally missed my point. The remote administration is simply Intel exposing “the Crown Jewels” via an authenticated interface to the outside. *All* platforms have “the Crown Jewels” exposed at the silicon, but the others simply don’t route it out of the module.

“Trusted Execution Environment” makes zero difference, if someone can attach directly to the chip pin out and single-step your code with breakpoints. This is nothing to do with threat model, or whether it is realistic. Simply that if you are unhappy with the remote administration, your problem is with the module, *not the silicon*, and it is the module you need to fix which isn’t even made by Intel.

Justthefacts Silver badge

Re: Some serious questions

Fine. I didn’t know that. I’ve got no issue with that.

We agree then, it’s just not a big deal to design the external module to bypass it, and it’s fully commercially available to those who want to. I’ve got no idea how the bypass module is priced, as that depends more on customers’ willingness to pay on a niche product. But the additional manufacturing cost is unlikely to be more than a couple of quid for a small flash. Hooking up a couple of pins differently on the PCB and a one-dollar chip is just nothing to consider jumping to a totally different CPU family.

Justthefacts Silver badge

Re: Some serious questions.

Like I said. Those Intel CVEs refer to external people being able to hop directly from USB to control chip internals, *incorrectly without authentication*. On the RISCV chips *there’s no authentication to start with*.

What you probably don’t know (I’m assuming based on your comments), is that pretty much every chip ever has been available to hardware debug over JTAG, connected to your outside PC by a USB to JTAG debugger bridge, and in the last couple of decades that USB has been integrated into the chip.

You can *always* single-step the entire chip, write anything you want into any register, read back all data without hindrance, and disable any security. Over the USB. For obvious reasons, that’s a security problem. So for consumer PCs etc, the USB debug port is not connected to anything one can access from outside. At the *chip module* level, not silicon. Effectively, Intel have said you can leave in that connection off-chip by adding an authorising on-chip entity.

RISCV chip implementations discussed have *no authorising on-chip entity*. If you just look at the silicon, if you hooked up to the debug USB, you simply have complete root access to the whole thing, single-stepping and everything. The only defense is that the module manufacturer didn’t hook up the Debug USB to the outside. That’s it. That’s really all we are talking about.

Justthefacts Silver badge

Re: Some serious questions

Motherboard manufacturers can do it, as an optional extra, if there were a demand, not “granny”.

[also, not a firmware for the ME. Effectively an external BIOS that bypasses and disables the ME.]

But obviously, Normal Human Beings *don’t* care, they can just have a standard mobo that leaves ME enabled. It’s *your* hypothesis, not mine, that there is some “security-conscious” customer somewhere who does care, enough to pay £20 extra for an extra widget on the mobo. I’ve seen no evidence other than the fevered imaginings of this board that anybody anywhere cares.

Justthefacts Silver badge

Re: Some serious questions.

I’m not expecting everybody to be able to do this. My skills are relatively orthogonal to most IT people - there are many “very basic” IT-type tasks that I don’t have any knowledge or skills in at all, I’m far more on the hardware/embedded end.

I’m simply pointing out that, if, as claimed, Intel ME is such a big deal to the end-customer, it’s relatively easy and cheap for a middleman to design & make a specialist module that takes it out of the loop. And if the hobbyists can’t get one made, they should just shout across the wall to some decently-skilled embedded-specialist mate. It’s far cheaper and lower impact to do that, than upend the entire CPU ecosystem.

But, as a matter of fact, I *don’t* believe Intel ME is a real problem to anybody but the chattering classes looking for a stick to beat Intel with. I can’t think of any *real* reason to worry about its security other than shroud-waving: any secure system is going to be air-gapped anyway, plus TEMPEST etc. If you are worried about someone reaching in through the ME, then why aren’t you equally worried about people snooping in over the JTAG and the debug buses for RISCV? On RISCV, it’s open season for hunting pheasants. Or Differential Power Analysis? Have any of RISCV implementations been checked to be DPA-safe? No, of course not. Or anyone snooping the airwaves for radiation from the memory bus? Do any of the RISCV implementations support native encrypted RAM? No, of course not.

“Worries” about Intel ME are just FUD with an agenda.

Justthefacts Silver badge

Re: Some serious questions.

Sigh. If this is *really* your beef with Intel, it’s fairly easy to disable Intel Management Engine.

No, you can’t do it “from within Linux”. You will have to connect to the underlying hardware via HW debugger, and have read the actual CPU documentation properly. But it’s perfectly within the capabilities of a decent software engineer with embedded experience.

The “difficult” bit is rewriting what are effectively drivers (from my POV) that now need to be external, for the main CPU boot, to take over what the IME is supposed to do. But of course, once you’ve written a script, then it’s done.

I wrote one (various reasons, practical engineering rather than paranoia related), but since I’m only an average rather than a great software engineer, it’s a bit flaky and targeted to the one specific CPU running our kit.

If this were a real problem, it would be fairly easy to productise this onto a consumer module….if the alternative is “investing” hundreds of billions of taxpayer money into re-inventing the entire semiconductor supply and design chain on nationalist grounds.

The sad state of Linux desktop diversity: 21 environments, just 2 designs

Justthefacts Silver badge

“Blind people”

Blindness comes in a dozen forms. A few can’t see anything. Many can only see a small central portion of vision. Many others have very blurry vision, for some of whom that little magnifying glass thing allows them to operate well in the world of computer work. I’ve known two developers and one (very good) technical software manager like that. Some struggle with distinguishing colours due to cataracts. Many struggle with glare. Some are blind in one eye only, which you might not think makes a difference but it really does on some tasks.

Justthefacts Silver badge

Fairly obvious why it’s the same-but-different

The most important feature of the desktop is that it should work relatively intuitively compared to the users’ experience. The users have experience with Windows. Hence, it should “work like Windows”. That’s why Linuxes look the same: the ones that don’t, have six users.

The rest is just “where have you put my things”. A tribal war has built up around choice of “where have you put the things”. It must be very similar to Windows, but equally not the same (otherwise the We Hatez Windoze crowd won’t use it). Therefore, the options sit on a self-organised edge orbit around Windows.

MS Windows, of course, is exactly the same. Win95 through 7,8,9,10,11 are all functionally identical “does the same stuff”. It can’t be really different, or people won’t use it as it’s “not Windows”.

But it can’t *be* the same, otherwise people won’t pay to “upgrade”.

We can bend the laws of physics for your super-yacht, but we can't break them

Justthefacts Silver badge

Re: NICE TRY

The DK effect is both meta, and meta-meta.

It’s meta because (contrary to what “everybody knows”), it does *not* claim that people who know less are *more* confident in their opinion than those who know more. What the data actually show, is that people’s confidence in their ability is essentially uncorrelated to their test scores. DK actual graphs just show everybody thinks they got 60-70%, whether their test score is 10% or 90%. It doesn’t really show people being over- or under-confident. They just don’t actually know how they did at all.

What makes it meta-meta, is that D and K think that “test scores of college students” are a good metric for “people knowing stuff”; similar to almost all psychology experiments. It’s actually terrible science, although it’s the way most psychology research is done.

Many important applications of expertise are stuff you can’t just look up: e.g. “best practice” in several professions, politics, economics, law. There’s research there too. Tetlock. And the answer is…drumroll…..it’s experts who do very little better than chance, and experts who vastly overestimate their righteous confidence. Tetlock has loads of data on the aggregate accuracy of 284 experts on 28,000 forecasts, over two decades, from international affairs to constitutional lawyers on the outcome of Supreme Court judgements, to economics. Basically, their opinion is worth a coin-toss.

https://www.researchgate.net/profile/David-Dunning-2/publication/12688660_Unskilled_and_Unaware_of_It_How_Difficulties_in_Recognizing_One%27s_Own_Incompetence_Lead_to_Inflated_Self-Assessments/links/55ef043008aedecb68fd8f4e/Unskilled-and-Unaware-of-It-How-Difficulties-in-Recognizing-Ones-Own-Incompetence-Lead-to-Inflated-Self-Assessments.pdf

https://www.smithsonianmag.com/smart-news/why-experts-are-almost-always-wrong-9997024/

Micron dangles predictable memory price agreements in front of vendors

Justthefacts Silver badge

They’ve learnt from the banking sector

This is very, very naughty.

In the first few years of the coming DRAM business cycle, DRAM prices will fall as they always do, and Micron shareholders will make out like bandits. But in 5-8 years’ time…..they will have signed the next cycle of lower fixed-price contracts, and there will be a “totally unpredictable shock” (like there was for the banks in 2008) as DRAM supply struggles to keep up with demand. Possibly related to Taiwan/China geopolitical, but there’s always something. And Micron will be unable to supply at the price contracted, that’s how contracts work, you can’t just raise prices to avoid delivering demand. Then Micron lose money hand over fist, stare bankruptcy in the face. And out will come those leeetle begging hands and pleading eyes “please US government, you must save US industry, imagine how bad it would be for economy if we failed and US industry had no access to US memory chips”. And then the cheque book will come out, and hundreds of billions will be siphoned from US taxpayer to shareholders, over the full DRAM business cycle.

This is how the game works now. Let that be a lesson to those in the EU, who want to “invest” tens of billions into subsidies for the capital-intensive semi industry. You’re writing a blank cheque medium-term for at least hundreds of billions transfer of taxpayer money to semiconductor firm shareholders. It just becomes impossible to say No.

Europe's GDPR coincides with dramatic drop in Android apps

Justthefacts Silver badge

“The enemy” is not who you think it is

You seem to have an idea that all the GDPR baddies are evil spammers. They’re really not. Here’s a website that actually tracks *who got prosecuted* for GDPR.

https://www.enforcementtracker.com/

Let’s take a quick look through, to see what type of organisations are on it, shall we? A corner store shop; the City of Reykjavik; Belgian National Railway company; a Norwegian Municipality; a couple of hospitals; a doctor; a dental clinic; a cafe; a taxi firm (5 employees). I’m barely cherrypicking at all - that’s ten out of the first twenty on the list of 1158. The main thing that really connects these “villains” is being poorly run public utilities, and exactly the sort of companies that we *shouldn’t* spend public money prosecuting.

Your mental model of what this is really about, and who is affected, is just totally broken. You really think that the greatest evil in the world is being committed by two hospitals, a dental clinic, and a GP? *The City of Reykjavik*?! This is a modern witch-hunt. It’s not based in reality at all.

Starlink's Portability mode lets you take your sat broadband dish anywhere*

Justthefacts Silver badge

Re: Aircraft are in the open air

Not really.

Aircraft can *also* travel above oceans, which have waves. Extremely reflective surfaces over scales of several hundred square kilometers, with random fading characteristics due to Doppler on the sea state. Aero terminals have to be qualified against several sea states from Calm, to Hurricane Atlantic.

Aircraft bank at large angles, so even though the antenna is “on the top” of the aircraft, some antenna sidelobes do reflect off the sea. And since the reflective surface is up to 13km distance, that corresponds to an extremely large delay spread - for 4G we usually talk about delay spreads of a couple of microseconds, while for aero it’s 100 microseconds, which drives some unique challenges for equalisers and signal design.

Aircraft don’t turn “quite slowly”. The *vector acceleration* on a commercial jet is up to 4 m/s² maintained for a couple of minutes. That’s a huge Doppler change. The “normal” way to handle Doppler for fixed satcoms to LEO satellites, is to pre-compensate from the known orbital position of fast-moving spacecraft, and GPS location of terminal. Unfortunately, the maths just doesn’t quite work for aero, because the vector direction of the aircraft changes faster than the reaction time of the GPS and gyro units; if you crunch through the error budgets, you’ll find it’s the acceleration multiplied by the loop response time that kills you. So the receivers on both aircraft, and ground infrastructure must dynamically estimate Doppler open-loop, a rather different receiver structure.

I don’t really understand your point about ATC separation. Satellite regions/beams are huge, on the order of hundreds of kilometres. The whole of Europe is only probably a dozen beams.

Justthefacts Silver badge

Re: Finally a solution for in car satellite radio?

Are you assuming that LEO satellites just will have more power density to ground than GEO?

If so, that’s wrong. It *may* be sometimes correct, but there are too many other factors to make it a useful guide. Distance is not the only measure.

First off, a typical GEO is about 10x larger than a typical LEO, which means 10x solar panel size, which means 10x electrical power budget.

Second, GEO satellites can have truly massive antenna dishes, 10-15m+, which goes most of the way to mitigating the orbital distance penalty.

Third: at each power level, you have to work with power amp technologies and modules that actually exist and can be procured, not just extrapolating off the end of a graph.

Fourth, cost, cost, cost.

There simply isn’t any way to definitively decide whether GEO or LEO has the advantage, other than doing a full costed system study end-to-end. When I were a lad, in the first 5-10 years of being a satellite design engineer, I was convinced that if one could only understand it at a deep enough level, you’d be able to intuit it from first principles. After twenty years in the industry, and personally being involved in, and then running, over a dozen system studies, I accepted the brutal truth. There’s no shortcut. You’re going to need to do the detailed work, and it will take ten experienced engineers a couple of months to calculate the right answer.

Justthefacts Silver badge

Re: Hmmm

He did. He was wrong. That’s impossible for good technical reasons. It costs at least double to provide mobility. He should have known that, but he didn’t because he doesn’t know much about telecoms. But he’s learning.

Justthefacts Silver badge

Re: "If Starlink detects a dish isn't at its home address, there's no guarantee of service"

Sigh. No, it’s very different. Engineering modems to be able to cope with mobile (fast-fading multipath) is complicated. Mind-bogglingly complicated and expensive. Total global R&D is about $30bn *per year*, for a decade, of which probably a third or more goes on solving just that one problem.

Elon is *launching* thousands of spacecraft. Plus building those spacecraft. Plus designing the modems on those spacecraft. His total available R&D spend for modems is maybe at best 2% of what 4G cost. How much are you expecting him to add engineering effort on, for a use case that doesn’t exist yet, and that *you don’t even want to pay a single cent for*. I can tell you how much engineering he did on that use case: he allocated exactly as many dollars as you are prepared to pay for it, on top of the Fixed case. Zero.

It’s no use whingeing “but the Fixed scenario is already expensive”. Yes. Yes it is. It has to pay for thousands of spacecraft, more by a factor of ten than have been built in the history of humanity. What were you expecting?

Justthefacts Silver badge

Re: "If Starlink detects a dish isn't at its home address, there's no guarantee of service"

Well, an aero sat terminal normal cost price $30k for a cheap one, $250k for one appropriate to a commercial jet.

If Elon is selling you the same terminal for the $1k you’re paying for your home Starlink terminal, then you’re getting an exceptionally good deal.

Suggest you buy the home terminal capable of aero terminal functionality ASAP at a saving of a smidge under a quarter of a million dollars. Before Elon notices what a doofus he’s been.

Justthefacts Silver badge

Re: "If Starlink detects a dish isn't at its home address, there's no guarantee of service"

Yes. Yes it is. Do you not have a satcoms engineering background?

One word: multipath

Two words: Rayleigh fading

Three words: Savage fast fading

Justthefacts Silver badge

Re: "If Starlink detects a dish isn't at its home address, there's no guarantee of service"

There are more and less congested regions of the Earth’s surface. Obviously, Starlink are going to allow new subscribers in the less congested regions, but will have to cap capacity in the more congested regions.

The fact that the satellites are moving is irrelevant. At any one time, there is a maximum of X satellites above each location to provide service.

As to the mobility angle, I think you are thinking about the Doppler, no that also makes a difference. 7km/s for line-of-sight does cause Doppler, but in a pretty trivial way to compensate. But as soon as you are driving through areas, you need to think about reflected signals and that means compensating for Rayleigh fading. It’s a very, very different problem.

India: It would be fab if Intel and TSMC built plants here

Justthefacts Silver badge

Re: This is nonsens

There’s a perfectly cohesive message. It’s so easy to raise placards that “something must be done”, when you see evil abroad in the world. What’s much harder, is to identify who you can safely give anti-aircraft missiles to. Simply as a matter of historical *fact* foreign interventions tend to result in more death and destruction, than sitting on your hands. However well-intentioned.

Simple example: *with the benefit of hindsight*, please describe how the West should best have intervened to prevent al-Assad murdering his citizens with chemical weapons. Taking it as read that what we *actually* chose to do was well-intentioned, unsuccessful, resulted in many more deaths, and actively resulted in consequences opposite to our intent. I’d like the actual names please of some leaders and organisations who we should have given weapons to, and how the support should have been done.

If you can’t pick the moral, successful action *with hindsight*, what hope have you to get it right in Ukraine?
