* Posts by Blazde

706 publicly visible posts • joined 11 Jan 2019

Watchdog ponders why Apple doesn't apply its strict app tracking rules to itself

Blazde Silver badge

Re: OTOH...

Yea, fair. Quick google (oops, conflict of interest noted) says Google make about 50% more revenue than Apple from their app store, but that's from 3 times as many devices, so it feels like Apple are taking the piss a little bit more.

I don't like Amazon's margins either but they do ply their trade in more of a marketplace of sorts, just one which has a very powerful network effect. You are free to go to other publishers, or free to set up your own online store and avoid giving them their 15% tax(*). You just have to put more effort into marketing. It's a bit the same but a bit different, and a real challenge for competition regulators. Facebook, X, etc benefit from network effect too but it's easier to see that working against them in a myspace-type scenario than with Amazon and Google which have such a colossal capital investment in physical assets and fingers in so many pies. They need breaking up, but it's hard to see either US or international commitment to that any time soon.

(*) Hey Mr Trump, shouldn't that count as a tariff, like VAT?

Blazde Silver badge

Re: OTOH...

worse offenders out there regarding privacy and tracking than Apple

Eh but this is about their anti-competitive practice not their privacy policy per se. I'm not sure there are worse offenders (at least on a profits basis) than Apple's app store graft

2 charged over alleged New IRA terrorism activity linked to cops' spilled data

Blazde Silver badge

Re: And..

Fortunately for everyone who calls Gaza home it's not up to you

Blazde Silver badge

Re: And..

Deporting a million Catholics would keep the UK's net migration numbers under control for a few years. Probably best not to give anyone ideas, the way things are going lately..

Blazde Silver badge

Re: How to prosecute?

the big factor is that they're suspected New IRA, then it becomes information likely to be useful to terrorists

...

you or I probably wouldn't get done for possessing it but they'd take a very good look at you first which is why it's best not to go near

Legally it doesn't matter who you are. It's an offence unless you have a reasonable excuse for the possession. Sure, it's down to the CPS (PPS in N. Ireland) whether you get prosecuted but I don't advise taking chances, with this particular document especially. They're obviously on a mission to make up for the mistake and get rid of as many copies as possible to reduce the even more embarrassing and tragic possibility it is eventually used for an attack.

https://www.legislation.gov.uk/ukpga/2000/11/section/58

US lawmakers press Trump admin to oppose UK's order for Apple iCloud backdoor

Blazde Silver badge

The "technical capability notice" would have been served to Apple, either one notice or several to the same address. So no chance to poison.

Apple themselves would have to inject identifiers when sharing with their execs, legal team, technical team, US authorities, etc.. which would be a quite different and extraordinary story.

'Key kernel maintainers' still back Rust in the Linux kernel, despite the doubters

Blazde Silver badge

Re: If I understand the logic, I understand the reasoning...

20+ years of kernel coding experience

C'mon, it's not that esoteric. Every comp sci graduate has done some kernel courses. There are a few key differences in memory usage, robustness, interrupts, weird low-level device specific interfaces to read up on, and you need a good understanding of the hardware in general (as in any performance sensitive or low-level code) and for sure those take a decent amount of development time to get a good grip on, but not 20 years for anyone with a decent innate ability for this sort of stuff. How many years kernel coding experience did Linus have when he first wrote Linux? I don't think Dave Cutler even had 20 full years kernel hacking when he conjured up NT.

(I also find it hard to believe no one already with 20 years on the Linux kernel has yet made the effort to learn Rust, but maybe I'm overestimating them).

Blazde Silver badge

Re: Not ending well, like most things these days

Nah the exact same API problem would exist. There are some ease-of-use features that make interfacing Zig and C more automatic, but it's really not that different in Rust with bindgen. The complaint/issue is that if a maintainer changes a C API they then feel responsible for having to change C, or Rust (or Zig) code which relies on it, and they're happy to do that if it's C code but not necessarily if it's Rust (or Zig) code that they're not familiar with. Just having bindings refresh automatically might not be enough. In any other project you'd say nail down the damn APIs already, but it's the Linux kernel, they arguably have good reasons not to and that's worked okay so far.

Zig is a decent C replacement but I don't believe it makes as good a complement to C as Rust does in something like the Linux kernel (mainly but not only because of the memory safety Rust brings).

Blazde Silver badge

Re: Not ending well, like most things these days

I'm not a fan but Java is, by most measures, still today one of the most successful and widely used languages of all time largely because of that 'run anywhere' feature. Unlike Rust it isn't appropriate for the Linux kernel of course.

https://www.statista.com/statistics/793628/worldwide-developer-survey-most-used-languages/

https://invozone.com/blog/top-10-programming-languages/

Judge says US Treasury ‘more vulnerable to hacking’ since Trump let the DOGE out

Blazde Silver badge

Re: What constitution

Yikes. It looks unambiguously ambiguous to me. So one for the Supreme Court to untangle. Which is better than it being a full-on loophole.

The Vice President's primary role is being a back-up President so the intent of the 22nd amendment should presumably be to prevent a two-term President running for Vice too, especially given the wording around those succeeding a President for 2 years or more only being allowed one term. But they messed up not stating that explicitly.

Blazde Silver badge

Re: What constitution

Even Putin didn't serve 3 terms straight up, he found a willing lackey in Medvedev. Trump could do similar because his endorsement may be worth a lot in 2028 (depending how the next few years go). He'd just need to find someone he held enough power over to keep them in line.

I think his bigger problem will be being an old senile cunt 82. That didn't go well for Biden.

India's banking on the bank.in domain cleaning up its financial services sector

Blazde Silver badge
Coat

bonk.in

UK Home Office silent on alleged Apple backdoor order

Blazde Silver badge

Re: iCloud Lock

The T&Cs say they can close your account/takedown your video/do whatever they like if they think you've breached the T&Cs or you're doing something vaguely harmful. If you ask them for any details on this process they'll refuse because it might help others defeat their harm detection processes.

And because it would reveal those harm detection processes are utterly incompetent, crudely automated, and that nobody at Google cares about that.

Blazde Silver badge

Re: Same old labour...

A bit before Blair. March 1997, Ian Taylor Conservative Minister for Science & Technology

"These proposals - aimed at facilitating the provision of secure electronic commerce .. at the same time are aimed at striking a balance with the need to protect users and the requirement to safeguard law enforcement, which encryption can prevent." in short, licensed '3rd party' escrow of encryption keys

( https://www.cl.cam.ac.uk/archive/rja14/dti.html )

Blazde Silver badge

Re: Same old labour...

This is a Tory law

The amendment in question was remarkably cross-party. Yvette Cooper in opposition spoke passionately about the need for it. Minor fuss was kicked up by SNP, Lib Dems, and by David Davis but they all, perhaps tactically, limited their battles to particular technical topics. There were no divisions (votes).

For the original 2016 bill Labour abstained knowing it would pass, in typical Corbyn fence-sitting fashion. Only Lib Dems, Plaid, Greens voted against it.

Blazde Silver badge

Re: Human Right

utter disinterest in anything except the technical challenge of the argument

Because that's the role of a lawyer. It's useless them arguing about something they're passionate about if it has no basis in law. You may as well be calling out dentistry for making no contribution to fine dining.

It's the job of politicians, campaigners and perhaps philosophers, to make good human rights law in the first place. The current breed of politician is sadly inclined to care about much more shallow topics, with very few precious exceptions. Thank god for those who came immediately after the war and set the standards that are now being undermined. Without them the whole world would already be heading rapidly in the same direction China is.

Blazde Silver badge

Re: but why now...

More that it'll be easier this way. Going after devices is less covert and requires much more resources. Of course easier access very inevitably leads to more scale but that doesn't make it the motive.

Google: How to make any AMD Zen CPU always generate 4 as a random number

Blazde Silver badge

Re: The train is waiting attestation

IME is chipset, and as far as I know the same goes for any persistent rewritable capability.

The firmware-TPM/IME/PSP stuff is all very complicated, intentionally obscure and implemented differently by AMD & Intel but I believe the CPU's role is only to provide a secure environment for doing sensitive operations, and to provide a hidden Endorsement Key which is unique and burned into the CPU once at manufacture and which acts as a root of trust to verify data stored outside the CPU hasn't been tampered with. Both those features are non-volatile.

The CPU is a single chunk of silicon (or, lately a few chunks cleverly stuck together). It would increase manufacturing complexity, reduce yields, increase failure rates to put different memory technology on the same silicon. It wouldn't buy extra physical security because non-volatile memory becomes less non-volatile in easily reproducible situations (depending on the technology: power loss, freezing, x-rays, etc), and it would probably not be all that cheap to make it tolerate CPU heat cycles.

I suppose the nightmare scenario is that this microcode vulnerability can be used to expose the CPU's Endorsement Key, which then forever compromises the CPU without the presence of any actual backdoor..

Blazde Silver badge

Re: On the bright side

I doubt there's much performance benefit to be had, because ultimately whichever way you run the micro-ops you'll tend to run into the same few key bottlenecks that the x86 instruction set is already equipped to run into. But definitely could be a lot of fun.

Blazde Silver badge

Re: The train is waiting attestation

The microcode in the CPU is essentially firmware, it is not written to every time the system starts

The microcode update needs to be applied to each CPU every time it boots. It can be done in BIOS or by the OS. In this case you obviously want to get it loaded as early as possible to protect against malicious microcode updates later in the boot process.

The CPU itself does have ROM containing the original microcode at manufacture. That's what gets patched, but the patch vanishes when it's powered off.

Blazde Silver badge
Happy

'likely a reference to XKCD'

I like to think they flipped a coin to decide between the xkcd reference and the Dilbert reference (nine nine nine nine..)

(props to those who worked on this by the way, looking forward to 5th March to geek out on the microcode details a bit)

US cranks up espionage charges against ex-Googler accused of trade secrets heist

Blazde Silver badge

Re: The middle kingdom does like a bit of IP

What's the answer dear El Reg readers?

The WTO is responsible for enforcing worldwide IP rules. One answer is therefore for the world's largest economy to stop undermining the WTO at every possible opportunity, stop flouting its tariff rules so egregiously, and then for all members who do care about IP and free fair trade to work together to ensure there are sufficiently severe consequences and ultimately self-protection against IP theft. This should have begun about 10 years ago at the absolute latest (to be clear I'm blaming Obama as much as Trump).

US accuses Canadian math prodigy of $65M crypto scheme

Blazde Silver badge

It's solved the same way - in fact more easily - that fraudulently obtained regular currency is dealt with. The exchanges/banks refuse to move it around and so, unless it's a small amount you can pay your cryptobro milkman with, you're stuck exposing it to money laundering risk and write-down, or you accept it's permanently stuck in the black market and buy a stolen van Gogh with it, or whatever.

Blazde Silver badge

If you're worried your tulips might be worthless so you want to exchange them for daffodils, or you're worried the dyke might fail and flood your tulips so you want to move them to a safer warehouse, well you can buy my fun new buttercups (aka Kyber Network Crystals) and my poorly written trading software (aka automated smart contracts) will do those trades for you in an unnecessarily elaborate way, in return for a fee and/or some risk of all your tulips ending up in the hands of 'math prodigy'.

You begged Microsoft to be reasonable. Instead it made Copilot reason-able with OpenAI GPT-o1

Blazde Silver badge

Re: Who are the dopes?

Do you have any idea how ingrained usage of MS Office is out there

Just noting Office LTSC prices didn't jump by a third this week.

Guess who left a database wide open, exposing chat logs, API keys, and more? Yup, DeepSeek

Blazde Silver badge

There were some, but it was mainly desperate reaching by content producers. Newspapers wanted money to make up for ad revenue they lost to tech giants for reasons unrelated to linking to their sites, and despite those same tech giants being their main remaining source of page views. I'm not aware it got anywhere in court, which meant there had to be some pity-legislation in a few countries.

It's unknown yet but I suspect the impact of the hurricane of litigation hitting LLM companies is going to dwarf everything search engines experienced.

Blazde Silver badge

The basics of what Google does is defend-able under fair use quotation/reporting criteria backed up by the lack of harm done to websites it indexes. Where they regurgitate entire paragraphs - featured snippets, info boxes and such - we can assume that's always with the site owner's permission (certainly in the cases I'm aware of). There wasn't ever even much in the way of court action around search engines because of the lack of controversy around their copyright use.

Scooping up all the data secretly and then using it without any kind of attribution to create works you claim as original is a wholly different situation. It's closer to sampling controversy in popular music, except, if the AI revolution somehow works as promised the effect will be much more harmful to content producers whose rights have been violated.

Blazde Silver badge

I'll happily support OpenAI going after DeepSeek for violating their ToS, just as soon as I get my royalty cheque..

Tiny Linux kernel tweak could cut datacenter power use by 30%, boffins say

Blazde Silver badge

Re: re-ordering declarations

Since you've mentioned it. Modern languages like Rust and Swift - possibly others - do reorder fields to save space. Example: https://play.rust-lang.org/?version=stable&mode=debug&edition=2021&gist=da1828bceb324bb7ce62457f0c5bf8e2

C & C++ are constrained by language rules which say fields can't be reordered, in part for predictable interfacing with external code, and in part because that's the way it's always been done and plenty of hacky, otherwise memory-unsafe legacy code relies on it.
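The layout difference described in the post above, as an added example (not the poster's code and not the contents of the linked playground): the same five fields measured under Rust's default representation and under `#[repr(C)]`, which keeps declaration order. The struct and function names are constructed for illustration.

```rust
use std::mem::{align_of, size_of};

// Constructed example types: identical fields, declared in an order that
// forces padding whenever declaration order has to be preserved.
#[allow(dead_code)]
struct DefaultLayout {
    a: u8,
    b: u64,
    c: u16,
    d: u32,
    e: u8,
}

// #[repr(C)] pins the C rules: fields stay in declaration order and each is
// padded up to its own alignment. This is what FFI and on-disk/wire structs need.
#[allow(dead_code)]
#[repr(C)]
struct CLayout {
    a: u8,
    b: u64,
    c: u16,
    d: u32,
    e: u8,
}

// Bytes actually occupied by the five fields, with no padding at all.
const FIELD_BYTES: usize = 1 + 8 + 2 + 4 + 1;

pub fn default_size() -> usize {
    size_of::<DefaultLayout>()
}

pub fn c_size() -> usize {
    size_of::<CLayout>()
}

// Padding overhead for a struct of the given total size.
pub fn padding(total: usize) -> usize {
    total - FIELD_BYTES
}

// Byte offset of each field inside the repr(C) struct, in declaration order.
pub fn c_offsets() -> [usize; 5] {
    let v = CLayout { a: 0, b: 0, c: 0, d: 0, e: 0 };
    let base = &v as *const CLayout as usize;
    [
        &v.a as *const u8 as usize - base,
        &v.b as *const u64 as usize - base,
        &v.c as *const u16 as usize - base,
        &v.d as *const u32 as usize - base,
        &v.e as *const u8 as usize - base,
    ]
}

fn main() {
    // The default representation makes no layout guarantee; current rustc
    // sorts fields by alignment, which removes the interior padding here.
    println!(
        "default: size {} align {} padding {}",
        default_size(),
        align_of::<DefaultLayout>(),
        padding(default_size())
    );
    println!(
        "repr(C): size {} align {} padding {} offsets {:?}",
        c_size(),
        align_of::<CLayout>(),
        padding(c_size()),
        c_offsets()
    );
}
```

Because the default layout is unspecified, code that casts raw bytes to a struct or shares it with C has to opt in to `#[repr(C)]`; relying on the observed default offsets is the kind of assumption the post describes legacy C code making.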

Trump admin's purge of US cyber advisory boards was 'foolish,' says ex-Navy admiral

Blazde Silver badge

Re: Is 'learnings' a word?

I'd take funny clown over angry clown any day, I miss Dubya.

Blazde Silver badge

Re: Is 'learnings' a word?

Bastardisation of the Brittonic, by Saxon and Norman slime!

Blazde Silver badge

Re: Is 'learnings' a word?

Bastardisations of the English language

(If you can't beat em join em)

'Bro delete the chat': Feel the panic shortly before cops bust major online fraud ring

Blazde Silver badge

Re: Scum

It's the non-violent aspect of it rather than 'white collar' aspect of it. Three near-kids with no previous doing a non-aggravated burglary and netting £100k would probably be given even lesser sentences.

Rob someone's watch in the street while wielding a knife and the sentencing goes a bit differently.

Sweden seizes cargo ship after another undersea cable hit in suspected sabotage

Blazde Silver badge

Re: You know, bad weather can sink bad ships

"innocent" owners? New to the shipping business are you?

Innocent because it doesn't make sense to use such a relatively valuable ship to perform this kind of sabotage, considering the risk of lengthy impounding, when you can use any old ship worth a fraction of the value. The fact that the ownership structures are so murky only adds to that argument; there's zero reason not to use a junk ship if the owner of the ship is aware of the sabotage.

Blazde Silver badge

Re: You know, bad weather can sink bad ships

Along those lines.. I wonder if the next step is doing this with ships full of Belarusian-weaponised migrants. That way, no Western port even wants to impound the vessel and risk upsetting their snowflakey-xenophobes.

Blazde Silver badge

Re: They don't need to sink them

And what if the captain has been offered 12 months salary and a Russian wife(*)

(*) I'm saying this because the alleged assassin of General Igor Kirillov was said to have been offered (probably spuriously) an EU passport by the Ukrainians and I can't think of anything else of non-financial value Russia could offer. A foot-rub from Putin maybe? But he's probably too busy.

Blazde Silver badge

Re: You know, bad weather can sink bad ships

I'm not excluding captains from the 'bribed crew' category. It's the nature of the business that the owners of a ship and its entire contracted crew didn't exactly grow up in the same town and go to the same school because the crews are very international and the shipping investors are enjoying the good life, just setting up a company and finding some skeleton talent to manage it. It's a similar situation to North Koreans landing US tech jobs working from home, quite easy to infiltrate without the tech CEO's knowledge.

It's going to be interesting though, at some point some bribed crew will fess up (with the right carrot & stick balance) and there's a possibility of stepping up the chain of command toward a shady organisation. Or less likely your captain turns out to be ex-Naval Spetsnaz with fake documents or whatever.

Blazde Silver badge

Re: You know, bad weather can sink bad ships

It's not super clear from the article but this latest incident actually involves a brand new ship worth ~$25 million. Seems fairly likely the owners are actually innocent and it's just planted or bribed rogue crew.

Blazde Silver badge

Re: You know, bad weather can sink bad ships

There aren't enough undersea cables to worry about and a single military ship could just do that and nothing else

Really? There are something approaching a million miles worth of cables and pipes criss-crossing ocean floors worldwide. Of course with considerable effort and expense the ones in the Baltic could be better protected than they are now but even within that limited area watching every bit of infrastructure sufficiently to pre-empt attacks is clearly infeasible without drastic and inflammatory forced changes to centuries old international shipping laws. And then the attacks will just migrate to less well monitored areas (calling it now).

For Russia one 'ageing and poorly maintained vessel' traded for a cable out of action for months plus the distraction and resource commitment of NATO's response is presumably a very good deal. What needs to happen is to gather enough evidence to trace the attacks up the chain of command followed by some kind of proportionate response that greatly increases the cost beyond impounded vessels. Assuming it is the Kremlin ordering them, then sadly a lot of the potential proportionate responses have been used up already so hopefully somebody is able to get creative and we don't end up with NATO cruise missiles bombarding Russian oilfields or something similarly dangerous.

DeepSeek limits new accounts amid cyberattack

Blazde Silver badge

Re: The result has been a selloff in AI stocks.

The difference is that whatever openAI's "value", nobody is handing over any cash

They've been handed ~$18bil in equity cash and ~$4bil in debt cash. But as Microsoft is their biggest investor, most successful shill, and can absolutely afford to write off the whole thing anyway, it arguably isn't as big a deal as the HP thing.

Blazde Silver badge

Re: The result has been a selloff in AI stocks.

I know, they can't be reasoned with.. but regardless. The lesson should be: To combat random Chinese start-up eclipsing us with $6mil, give every AI graduate $60,000 rather than giving OpenAI $6 billion.

It's not actually that surprising in a young field. We know the key to training neural nets is a) the training regime and b) the design of the network. OpenAI found a reasonable combination of both and then immediately threw unimaginably stupid amounts of money at both to boost them a little bit, which is what you don't do when some more innovation is likely around the corner (and you don't have a fool-proof way to get proportionate returns very rapidly). Innovation 1 - Hubris 0, not for the first time.

Nvidia & the cloud businesses will be relatively okay, because the new innovation will always be increment-able with more processing power.

Blazde Silver badge
Black Helicopters

Can we be completely sure the LLMs haven't started fighting each other?

After all, we know ChatGPT has been granted DDoS capabilities: https://www.theregister.com/2025/01/19/openais_chatgpt_crawler_vulnerability/

Asus lets processor security fix slip out early, AMD confirms patch in progress

Blazde Silver badge

Re: AMD wants them to throw them out

Ongoing support

Price differentiation. There was no technological reason for burning through an entire socket spec so quickly. Don't get me wrong, I'm glad they're taking it to Intel, but sadly they don't do that by being kind to consumers.

Blazde Silver badge

Re: Doesn't look like a vulnerability

To be fair Intel changed their microcode format for Core 2 (? ~2006) and only then did it appear to use a strong public-key crypto scheme.

I'm not aware anyone ever fully cracked the old format but it just had some kind of 16 byte hash/checksum at the end that executed far too quickly to be anything more complicated than maybe MD5, if that. Looks like AMD's was a 4 byte checksum, so considerably weaker to brute force but probably not that much different once you probe inside and understand what the processor expects.

AMD of course had a lot less money to throw around during 2006 to 2011 so no surprise they were a bit behind shoring up the microcode.

Blazde Silver badge

Re: Doesn't look like a vulnerability

I think we have to assume microcode updates are now a lot more powerful & interesting than in the unencrypted Athlon 64 days, so this is potentially very interesting.

Whether it's a vulnerability or not depends purely on your threat model..

Ransomware attack forces Brit high school to shut doors

Blazde Silver badge

Re: Why should an IT outage necessitate shutting the school

The register is a legal requirement, we have to upload them nightly to the DfE.

Without a usable register, an emergency like a fire alarm could be a disaster, we wouldn't know who is in school and who isn't

No, it's guidance. It's DfE data-hoarding and if you have trouble gathering the data on one day because of an exceptional situation you can absolutely tell them to shove it. (The headteacher should ideally be the one to do that, their common sense and ability to stick up for the school is what they're paid for).

I've looked through a lot of fire safety guidance on schools and can't find any reference to register being even guidance. Can you provide more on that? As others have noted, the fact they're allowing pupils in to collect lunch doesn't jive with it being all that critical for anything.

Incidentally, closed for some year groups all week long (at least).

Blazde Silver badge

Re: Why should an IT outage necessitate shutting the school

Exactly. It's nothing to do with the register. Most likely, because the phone lines and CCTV are down there's been some legally risk-averse decision that it's just easier to have kids schooled at home for a day or two. Maybe that's rational because online schooling is a decent fall-back these days, but let's not pretend it's somehow impossible for them to open up if they wanted to.

Blazde Silver badge

Re: Why should an IT outage necessitate shutting the school

I'm not a teacher but I did on many occasions a) take register as a pupil myself because the teachers couldn't be arsed, and b) fail to be present in school when register was taken and suffer no adverse consequences. So I'm aware what a completely pointless tick-box joke the whole palaver is.

To cancel an entire school day because you can't verify which pupils are not cancelling their own school day is the very definition of cutting off your own nose.

How to leave the submarine cable cutters all at sea – go Swedish

Blazde Silver badge

Re: Practice what you preach?

If you believe that the Nord Stream sabotage op wasn't conducted with the full knowledge and behest of NATO and the aforementioned "investigators", I've got a bridge to sell you!

It's also not that unlikely it was a rogue or at least deniable Ukrainian op without NATO approval. Very risky for them but someone, somewhere, however high up may have decided the benefit was worth it.

As far as I know the only material evidence was some private diving op launching from Ukraine. That could have been the work of anyone from Russia, to Zelensky himself, the US, Estonia, or Finland, etc. You can always conjure up a plausible false flag explanation, and you can always find some rambly quote from Biden beforehand that may have helped inspire a false flag op. All we can really say is that if it was Russia it got them nowhere, but that's par for the course at this point. If it was Ukraine it was hella ballsy. If it was with German approval we're not going to know for 50 years because they'll have made that a condition of approval, even though it did solve a political problem for them.

Ukraine meanwhile kept pumping Russian gas through their own territory until very recently. Just to add to the mystery.

Blazde Silver badge

Re: Practice what you preach?

A prime example of the point being made. With international clarity around the consequences for sabotage Nord Stream would not have been attacked. Regardless of who did it.
