Posts by bombastic bob

Re: I'm surprised that anyone is surprised that a Chinese owned or controlled company would do this.

"You cannot just solder a chip on a board to have it spy for you."

well the allegation is that they had modified the board's design. The manufacturer has the gerber files [or whatever has the design on it], and it wouldn't take a lot to edit those to include a "something" to which a new chip would be soldered [or embedded within the layers even].

I understand the tech to embed devices between layers has already been used by Apple, or so I've read. In some cases it might be highly useful to do that [example, power supply bypass capacitors or a resistor array]. Series resistors are often used to abate 'unintentional radiator' signal noise, and so a resistor array conveniently placed between IO pins and their destination INSIDE of the board would be convenient (assuming it could be done).

In any case the tech apparently DOES exist to insert components. So the allegation is PLAUSIBLE and that's fear-inducing enough. Whether or not a manufacturer can be bribed/strong-armed into actually DOING that is another story.

And if it's on an SPI bus between a BIOS ROM and an SoC, such that it could re-program the BIOS slightly during a flash update, or read 'special instructions' in place of the ACTUAL flash, it could be pretty bad.

/me considers Intel's ME being invoked, for example. It might not take a lot of 'extra instructions' to make that happen, nor to cover its own tracks afterwards, and to invoke the on-chip LAN to "phone home"... and listen for commands while running.

which means that a call for a hardware mod to SHUT OFF Intel's Management Engine [with a jumper, let's say] now makes even MORE sense.

Re: @bombastic bob

Re: manufacturing in China "there's little you can do about it"

well, I've had at least SOME influence on manufacturing choices (for customers) in the past. I assume the future isn't going to be much different [my line of work being related to that]. So if a customer says "make in China" I have one specific alternative U.S. based pic-n-place board builder to suggest instead, and possibly one in Mexico as well, and I might even reference the Bloomberg article when it comes to determining manufacturing 'outsource' choices.

I'm sure others might do this as well, too, and that's the point. Outsourcing your manufacturing to China is less attractive, now, for many reasons. And Mexico is looking a lot better.

/me sometimes gets bare boards done by a Canadian company. Fast turnaround, good quality, ok pricing for small quantities. More expensive but I want my Monday AM design back by Friday, and usually that happens.

Re: Size matters

20 vias along the edge - yeah, depending on bus width, that'd do it. But to have something operating at Ghz frequencies to be able to filter AND re-order information, it would take a very sophisticated device, sophisticated enough that the tech is being wasted on something devious instead of making new types of CPUs or GPUs [for example].

"if an USA owned or controlled company was doing the same."

I would be _extremely_ surprised if a USA company did something like this. After the lawsuits shut down their company and drove it into bankruptcy, the principal board members might actually face criminal charges. The legal bills would be enormous (breech of contract being #1 on that list).

We don't have a supply bottleneck here that involves the government (aka government 'owned' companies), nor a somewhat oppressive communist government that has the will [and ability] to demand/coerce that kind of cooperation from its citizens. The mistrust of government in THIS country is pretty overwhelming. Finding someone who'd put up with that would be difficult. People would quit their jobs first, before cooperating (not THAT hard to find another one, ya know?). And, some people live to be "whistleblowers" for things like that, with its instant fame, TV interviews, and book deals.

I doubt that anyone in the UK would try to get away with something like this either, for similar reasons. Nor the EU in general. Russia, on the other hand, might try something like that. But we don't buy "Made in Russia" stuff all that much, do we?

Re: "It is bonkers to think it would have screwed up a story this huge"

if the bloomberg reporter was passing along unconfirmed information, they should have been a bit more careful about how it was stated. As written, it seems to be an expose of a massive scandalous breech of contract by manufacturers in China, with crimes no doubt committed on both ends of the Pacific.

However, if it's all FUD and headline trolling, Bloomberg deserves shame and ridicule for it.

I'd say the same for ANY news source, regardless of their political slant. I've said things like this about [P]MSNBC as well as [F,C]NN and the 3-letter networks in the USA (ABS, CBS, NBS - ok not 'BS' but ABC,NBC - still it's a nicname they deserve].

So if Bloomberg is now engaging in the SAME kinds of "fake news", they deserve whatever happens to them as a result of it.

HOWEVER, if the facts show that Bloomberg is RIGHT, then we have a serious problem here. Not only because of the hardware-based spying [some of the allegations in the Bloomberg article suggest that chips were mounted BETWEEN LAYERS inside the circuit board], but also because of the DENIALS by those parties that were allegedly involved. AWS and Apple should NEVER deny an investigation, assuming that they're interested in customer and corporate security (unless they're under a gag order for national security or something similar).

In any case, I'm not 100% convinced to NOT purchase anything from SuperMicro, but I am concerned about 'things made in China' a bit more than I was before. China is going to have to come up with some kind of guarantee that the supply chain won't be manipulated like that - EVER. We've been suspecting them for too long, apparently with good reason, and past violations of our IP doesn't make them look like 'good guys', not at all.

Notwithstanding, some of the descriptions [chip the size of a grain of rice, or a sharpened pencil tip, between board layers even] is a little strange, to me. You'd need some pretty sophisticated stuff to interrupt a multi-Ghz signal and re-arrange the data like that. That kind of tech would be better served making a new CPU architecture or something like that. Rather than stealing tech, they could invent it instead. It's not profitable to them, in other words, to put that kind of tech expertise into spy chips that would THEN randomly target U.S. companies.

Re: Licensing v. Litigation

"And once the small company has collapsed they buy it's patent portfolio and do the same thing to another company."

Beware of 'The Blob',

It creeps, and leaps, and glides, and slides across the floor,

(etc. - Burt Bacharach from the late 1950's as I recall)

'The Blob' - patent troll companies in general

Re: Is anyone actually using this?

"the .Net Core is actually pretty good, open source and on point"

/me falls out of chair. What... the... *FEEL*????????

If your code actually includes ".Not core" you need to SERIOUSLY RE-THINK your engineering strategy...

Better idea: use an RTOS or Linux and _NO_ ".Not" CRAPware.

Re: It's not April 1st, is it?

"read the headline, got hit on the jaw by his knee flying upwards"

etc.

yeah I got hooked on that headline, after which I scanned the bullet points before starting to read, and THEN saw all of the snark I would've replied with in comments [and then some]. Everyone who knows anything about Steve Jobs knows he was NO saint, but hey, that's why the article [and it's baiting headline] was so much fun!

Re: "were made available for other OS"

"Linux UIs really lag behind Windows and macOS"

WRONG. I'll accept your "development tools" argument, but the problem with development on Linux or BSD has nothing to do with the UI "lagging behind" Windows.

in fact, the 2D FLATSO on Win-10-nic *LAGS* behind things like Mate and Cinnamon, assuming you don't use a 2D Flat theme, but the fact that you CAN CHANGE THE THEME means that Micro-shaft LAGS BEHIND!!!

Mate, Cinnamon, Gnome, KDE, and even vtwm have multiple desktops and have had them since 2005 or earlier. Micro-shaft only JUST added that feature to Win-10-nic. I typically have 8 desktops filled with task-specific stuff so I can multi-task more easily. Micro-shaft's "solution" appears kludgy to me, whereas there's over a decade of perfecting the way it works with systems that use X11.

And now the REAL reason for it "being hard" to develop for POSIX systems: Microshaft has been pushing for nearly 2 decades with proprietary "solutions" for developers, beginning with ".Not", and before THAT, lots of shared runtime DLLs and 'extension' DLLs, and so forth, ALL with licenses that allow you to 'freely distribute' them so long as they are ONLY installed on systems running a Microsoft OS. Yeah, it's in there.

Basically, they encourage [read: 'strongarm'] developers into using their 'freely distributable' shared components, but then LOCK THEM OUT of using them anyplace that's "not windows".

They also have made great efforts in the past to get driver support for their platform [which was a good thing for customers at one time], bending over backwards to assist 3rd party driver developers into getting this done, until it became a "pay to play" scheme for Win-10-nic [via certs].

They have also offered their OEM OS licenses as cheap as they can, with 'sweet deals' with computer makers that LITERALLY make it 'more expensive' to produce ANY computers pre-installed with Linux. This is usually called 'predatory practices' but for some reason they were getting away with it for a LONG time. Once they cornered the market, more or less, they controlled the availability of ANY alternative to their "one OS to rule them all" by essentially killing them off. Now we're all STUCK with Win-10-nic as the ONLY OS available on new computers not made by Apple, with a few exceptions here and there...

And software developers look at this and say "80% of the market is Windows, that's what I'll develop for, doing Linux or BSD or even OSX is just too expensive".

Re: Move

I bet they moved them all into C:\NUL (that's a temporary directory tree, right?)

Re: Why even touch user folders?

Don't ask Micro-shaft 'why', you'll just get a ban from their forums for NOT bowing down and worshiping them, and 'enjoying' EVERYTHING they do [to you], like a good little fanboi.

From the article: A former 'MVP' "went public after being defrocked following criticism"

Micro-shaft does NOT like criticism. ANY criticism. Especially, when it's the _TRUTH_.

/me "been there done that" back during the 'insider program'. MANY of us were VERY vocal about the 'wrongness' and were inappropriately treated by moderators, etc.. They wanted the insider forums to consist of praise and worship and "all good, no problems". Instead they got FEEDBACK about the wrong things they were doing, especially the ads, the slurp and forced updates. I was particularly vocal about the 2D FLATSO and the obvious 'not listening' to the customers.

And that's because we're not CUSTOMERS to them. We're "masses" or "minions" or something worse...

"On a different note, .NET Framework should definitely die. Too old gone HORRIBLY wrong."

Fixed it for ya. [being 'old' is NOT a reason for it to die].

And 'die' could be better expressed as: KILLED to DEATH by BURNING with FIRE, then DISSOLVING with SOLVENT. [that should 'solve' it, heh]

'.Not' and C-pound are 2 of Micro-shafts WORST decision in the last 2 decades!!! They should've just made C++ and MFC easier and tighter, and friendlier for STATIC LINKING. Well, THAT didn't really happen EITHER...

Re: Dirty tactics with the settings reminders

Question: doesn't the data mining VIOLATE GDPR ???

I think GWX is finally gone; however I'll keep a lookout anyway. Who knows it might be resurrected...

In windows 7 I can STILL say "pack sand, 'windows update'" and only manually install things I actually want to install.

that's why they shut that ability OFF in Win-10-nic - no more choice except THEIR choice.

what users and businesses want from an OS

actually, I think Micro-shaft stopped CARING what users and businesses want a LONG time ago... (around the time Windows 'Ape' released).

7 was the last version that was made with users and businesses in mind. Everything else SINCE then has been "what Micro-shaft wants to cram up our asses". 7 deliberately became the version that addressed our concerns [not theirs]. Not all things that ended up in 7 were better than XP. But mostly, it was an evolutionary change, and better than Vista. For the most part, the users were 'sated'.

I've heard that the difference between a psychopath and a sociopath is that a psychopath does not know what he is doing is wrong.

I think Micro-shaft knows DAMN WELL what they're doing, and they continue to do it, deliberately.

Embrace. Extend. Extinguish. EX-TER-MIN-ATE!

Their goal: When there is only ONE choice available, it will be Win-10-nic! And, _YOU_ will be the commodity!

('predatory practices' indeed...)

Re: rushed

"I've not seen your capital letters for a while"

why, are you one of my fans? Welcome aboard!

Funny, they do the same thing (capitalization and punctuation for emphasis) over at El Reg. I've seen it on occasion.

Re: Cancel? Yeah, sure thing, buddy.

s/Cancel/F*** YOU/ <-- what MS needs to do for their 'cancel' button

Re: Edge?

"What is Edge"

a) U2's guitar player?

b) The main character in 'Star Ocean: The Last Hope'?

c) something that "edgers" strive for?

(coat, please)

Re: rushed

Article: driver problems that "end up sending CPU usage skyrocketing and battery life plummeting."

I've seen SIMILAR problems within UWP [CR]apps in general, including some of the built-ins. I reported this problem during the insider program.

There's an internal architectural problem within UWP itself. Applications tend to "CPU spin" on conditions they are waiting for. It could be one of the 'WaitForXXXObject[Ex]' functions, it could be the use of 'Sleep' with a 0 value (for some reason quoting the function call tripped a security blockage) or even 'yield' doing it.

This problem also exists in POSIX systems when you return immediately from things like 'poll' and loop without using delays. In the POSIX world, though, your polling loop can use 'usleep()' which is in microseconds [no guarantee it'll be "that long", it's somewhat 'advisory'].

NOW - if _THIS_ is at the core of the problem, then it's a MAJOR ARCHITECTURAL SNAFU and Micro-shaft basically has NOT listened to *ME* on this. I know I'm right because it's measurable and I even posted the measurements, got hammered and discredited and ONE particular fanboi was even getting PERSONAL over it all. [This is how they react when faced with 'OBVIOUSLY WRONG'].

Hey Microshaft: SEE! I! TOLD! YOU! SO!!!

And so FINALLY someone wrote a driver with the SAME! KINDS! of assumptions as the main loops in UWP [CR]apps. Yeah, maybe it only showed up IN A VM when I was testing it, but it REALLY means they aren't TESTING AT ALL.

So yeah - 'rushed' aka "being cheap" and your QUALITY GOES DOWN.

icon because: to the REST of us (aka 'not Micro-shaft'), it's OBVIOUS.

Re: Any device manufactured in California..

"Well, thats going to help a lot."

Ack on the snark. (you WERE being facetious, right?)

The laws of 'unintended consequences' are the usual result from the "legislate yet another law" crowd, who claim good intentions. But coming from Jerry Brown and the Sacramento legislature [one of the most corrupt organizations on the planet, where paid lobbyists mull about on the legislature floor waiting to be 'consulted' on EVERY!THING! before it's voted on] I can expect an 'ulterior motive'.

Cali-fornicate-you gummint can only affect California corporations and residents. And they can NOT stop competing products coming in 'at the border'. So you'll probably see a couple of things:

a) a drop in the quantity of things being built within the California borders;

b) an increase in prices to the consumer;

c) overly-complicated setup processes if "just firmware" is involved in this regulation;

d) all of the above

Some of this was alluded to in the article, but I'll just say it straight out: the more governmentium and petty regulation, the LESS PRIVATE SECTOR ACTIVITY you will see. Because it costs the legislature NOTHING to "pass yet another law". It only costs those who are AFFECTED by it. That would be everybody else who is NOT THEM.

(My state needs an enema, starting with that crap-hole called "Sacramento")

I'd also like to point out, for the record, that all of the cheap IoT junk being sold on E-bay and Alibaba won't be affected by this. And I wouldn't be surprised if THAT stuff is MOST of the problem...

Re: Russia already has an alternative phone OS

With respect to ReactOS [and other open source alternatives]: As long as the OS and core applications remain 100% open source, the Russians, Chinese, and even the N. Koreans and Iranians can go ahead and contribute whatever they want to it. I might even help them!

It wouldn't be anti-American to assist with the success of ReactOS and other open source alternatives to Windows and Android. It would be anti-MONOPOLY (and thereby, pro FREEDOM) to do so.

A 'No Slurp' 100% open source alternative. Looking forward to it! well, hoping...

Re: Facebook will position itself as a provider of government digital services

yeah, a phone OS that *ASSISTS* in managing that 'Social Credit' system - no surprise here!

Re: What could go wrong?

as I see it, if you don't trust Google with your privacy information, would you trust something invented in China?

Re: There's a stupid, fat, paranoid, evil dictator at work here.

Kim Jong Un as Cartman from South Park - RESPECT MY AUTHORITAH!

At least he's not launching rockets over Japan, or blowing up mountains.

"That's where the money is"

I believe it was Willie Sutton who was reported to have said something like what's in the title, in response to "why do you rob banks". [some research suggests that the news reporter might have imbellished a bit]

from the article: "Why the use of such sophisticated and intricate operations just to attack banks?"

(see title)

Re: Maths

"explain why their super-duper AI doesn’t want to give mortgages or jobs or whatever to" [insert special interest group here]

well, if race/sex/whatever wasn't an input parameter to your algorithm, the answer to this should be obvious. The moment your algorithm includes something that *could* be a matter of discriminatory practice, an improperly trained AI *could* make use of it in a discriminatory manner.

Otherwise, FUD.

Besides, wouldn't having a "simplistic" library, something that n00bs and kids can easily make use of, help people to understand the basics of AI and thereby avoid the FUD-trap?

[I can't believe how my original positive non-snarky post about this got 8 downvotes - probably ALL from my 'fan club' - which means its personal and unrelated to content. howler monkeys. go fig. the up/downs are meaningless - well i wear the 'downs' as a badge of honor, heh!]

Icon, because "think of the children" which is why I also mentioned RPi - when kids get this kind of AI API working with an RPi (in Python) along with whatever science project they're interested in, things could get really interesting.

Re: For @#&% Sake,

there are at least 2 alternatives I'm aware of [atril and evince] and they run on Linux and FreeBSD [although evince may have mono dependencies now, DAMMIT - I use an older version of evince on windows machines, however, and so maybe it's there but I didn't notice]

in any case, PDF is well supported in the open source world. We don't need Adobe's "special sauce" nor their attempts at *SLURP* [why ask me to LOG IN using my E-MAIL ADDRESS just to view a PDF file????]

So yeah, toss Adobe's reader in to the trash and get something that actually WORKS! Atril is my current favorite. That may change if they do something stupid (like include mono dependencies).