2117 posts • joined 21 Sep 2011
Re: Do the people at El Reg...
Yeah, fair enough. Maybe we over-snarked.
Re: This is cyber warfare isn’t it?
Expired software certificate, apparently...
Qualcomm lifts lid on 7nm Arm-based octo-core Snapdragon 855 chip for next year's expensive 5G Androids
855 reminded me of the old 555 [triv]
Re: It's good somebody's doing this
That doesn't, TTBOMK, use machine learning, and instead uses the spare processor cycles on a lot of computers. Completely different project.
"Sometimes I really appreciate local rag journalist"
Some of us used to be them. My favorite rejected crap headline was about a bunch of casino robbers...
SEAL up your data just like Microsoft: Redmond open-sources 'simple' homomorphic encryption blueprints
"Why would you want to use this if anyone could just come along and change your data (albeit without ever knowing what it was)?"
No one can "just come along" and change it - if you have unauthorized database access then if the DB is unencrypted t's completely game over, and if it's encrypted then at least they can't see the data. If someone breaks in and changes the database records, then roll back to a backup and seal up your network security.
The aim of this is to keep the data shielded and minimize risk.
Re: Question about weak passwords
"I'm a bit confused about the reasoning behind forcing password changes leading to weaker passwords"
I imagine it goes something like this: you start out with D9xTMffgH!#82 then D9xTMff then DxCitrixAgain and then ihatecitrix and ihatecitrix! and ihatecitrix123
"the idea that someone could somehow gain anything useful from spying on a random oscilloscope"
Well, Target was pwned via its air-conditioning unit. I'm personally thinking you could use this to inject other systems - no one would suspect the scope - or infect it, wait for it to be transferred to another lab and then mess with stuff on that network.
Just use your imagination.
See this, Google? Microsoft happy to take a half-billion in sweet, sweet US military money to 'increase lethality'
"Has the author failed to engage their brain before writing this?"
No - I think you're blaming us for the actions of tech workers? I mean, techies have been creating bad press and embarrassment for corps by kicking up a fuss over military contracts. It's a little surprising that MS has gone for it, in that context.
But as we say, Microsoft has shrugged off prev criticism.
Re: How Many Times, El Reg?
Choo choo! Here comes the reality train:
"Bush and Obama did not have policies that resulted in the mass separation of parents and children like we’re seeing under the current administration"
Re: Oh come on, stop it.
"Whatever Gartner are paying you to run their stories you should shun the income and drop the crap they are peddling."
We're not paid to run any Gartner stories. Like with all analyst predictions, take with the required amount of salt.
Re: The reality is ...meh.
Well, thing is, it's a) a research project b) it's one attempt at it. It's not a final project.
These things improve. I think people tend to forget that technology slowly comes together, building upon layers of work over time.
Bit like the ink from this printer AI.
Re: robo-Rembrant [sic]
Blah, stupid late-night headline typo on my part. It's fixed - don't forget to email firstname.lastname@example.org if you spot anything wrong.
WhamWham, bambam, no thank you, SamSam: Iranians accused by the Feds of orchestrating ransomware outbreak
From the linked-to Treasury page...
"...these digital currency addresses should assist those in the compliance and digital currency communities in identifying transactions and funds that must be blocked and investigating any connections to these addresses.
"As a result of today’s action, persons that engage in transactions with Khorashadizadeh and Ghorbaniyan could be subject to secondary sanctions. Regardless of whether a transaction is denominated in a digital currency or traditional fiat currency, OFAC compliance obligations are the same."
Read into that what you will.
Re: I Am Spartacus
Er, at the time of writing:
1. the only image beamed back was the crappy photograph *embedded* *in* *the* *story* so that's the one we went with. More have since arrived, we can link to them now.
2. mobile users don't see the article's top 'hero' picture so they wouldn't see the Mars image if it was used as the header picture. instead, we *embedded* *it* *in* *the* *story*.
3. the image was *embedded* *in* *the* *story*.
Re: 'Today's films are made to be "woke"'
I take it you haven't seen Adam Sandler's 'Pixels'. That wasn't particularly PC or "woke". neither was Ready Player One.
"I wouldn't lose sleep over it."
Yeah, as we said, it's difficult to exploit. As seen with Meltdown and Spectre, it's easier to get someone to click on a link or run a fake Flash installer.
"researchers can claim a repeatable demonstration"
Yes, that's exactly what's happened - confirmation. It's a demonstration of the attack. Just as it's one thing to say some software has a heap overflow, and quite another to develop an exploit to reliably and usefully exploit the flaw to achieve code execution.
To make everyone happy, I'll clarify it's a confirmation rather than a discovery.
Re: They're not knocking ECC
No one's saying ECC is bad - not us, not the researchers, pretty much no one - it's just that if you thought ECC would stop Rowhammer, you're sadly mistaken.
As we wrote in the article:
"The boffins said that their findings should not be taken as a condemnation of ECC either. Rather, it should show admins and security professionals that ECC is just one of several protection layers they should use..."
Re: Bravo! *slow clap*
"It must be a really slow day if this is news."
Where's your published paper on this, then, egghead? The point is showing that ECC can't stop Rowhammer attacks on adjacent RAM cells.
Also: the Meltdown vuln was stunningly trivial to exploit, and was staring people in the face for years, and was rightly heralded as a major find. Sometimes the obvious has to be pointed out.
Re: Ermmmm, been this way forever?
This is using the CPU cache to fingerprint pages from their memory accesses. It's a new technique to spy on browser tabs, which has been done in the past.
It has access like all software - it runs from the CPU cache thus it can measure how other stuff sharing the same cache is operating, and fingerprint it.
This normally requires precise timing, and thus requires access to high-precision timers that are being locked off from developers for this reason.However, this technique gets around that.
Check out the linked-to paper, it's why we link to original materials wherever we can.
"Succumbing to 'gotcha' headlines."
Oh friend, you must be new here.
(PS: The article spells out the situation. If you can't take the ribbing, Breitbart is back that way, snowflake ----->)
If you nudge just enough into the right quarter, you'll qualify for the bonus - that's +/- $12m not $12m total - allegedly
Linux kernel Spectre V2 defense fingered for massively slowing down unlucky apps on Intel Hyper-Thread CPUs
It exists because it mitigates the Spectre Variant 2 security vulnerability. It hits performance because the mitigation in combination with Hyper Threading potentially slows down software.
So your choices are:
- a: enable mitigation for security reasons, enable Hyper-Threading, take the potential performance hit
- b: enable the mitigation for security reasons, disable Hyper-Threading because you weren't benefiting from it anyway
- c: disable the mitigation because you're not worried about the security issue, and enable Hyper-Threading
- d: disable the mitigation because you're not worried about the security issue, and disable Hyper-Threading because you don't benefit from it anyway
Most people will decide between a, b and c.
About as difficult as it is for Microsoft to run Office for 365 days of the year.
Re: "I'm not a programmer, but still"
Er, there are a ton of non-relational databases out there. Like MongoDB etc. In fact, these are gaining popularity so much that yeah, a distinction has to be made.
Re: anonymous coward
It's true VPNs are useful in China, which is why there's such an interest over there.
However, that doesn't excuse crap security. If you're using a stranger's VPN, you're placing an enormous amount of trust in that provider to not screw you over. With near-zero transparency, scrutiny or oversight, free VPNs are a privacy nightmare.
Edit: Oh yeah, don't forget all VPN providers must register with the Chinese government (see below, Google, etc), which is not... great.
Re: Browsing history?
It depends on the VPN. Anything clear-text can be snooped on or tampered with to inject ads. Any DNS look-ups for host names will be visible. Some VPNs offer a free browser that may collect your browsing history.
The VPN app could install a root certificate and MITM your SSL/TLS connections, if the websites you browse aren't mitigating that.
We've tweaked the sentence to clarify it.
"...using methods that can be replicated anywhere in this Universe."
Well, yeeeeeah... our planet is in this universe, at least it was the last time I checked ;-)
I kinda thought it would be presumptuous to say the constants would work everywhere in the universe. I expected a physics PhD to pop up and yell at us if we said "anywhere in the universe" because, I dunno, at least one of the constants used by the SI base units may not apply or change near black holes or other weird crap out there.
I don't know if people realize how much of a tightrope it is writing for a fair number of readers, most of them experts in a technical field. We try to get everything right within a reasonable time frame.
So anyway, that's why we thought "planet" would be a sensible non-offensive, non-triggering bounding box for boffins, seeing as humans aren't going much further into space for a while.
"It does seem El Reg is quite keen to welcome our Robot Overlords™"
I dunno, we've run a lot of skeptical stuff. The acceleration hardware and libraries popping up are interesting, and some NN applications, too, in that new algorithms are interesting.
Whether or not AI is a good idea in the real world long-term isn't clear. I get the feeling no one gets VC funding for saying they use "heuristics" these days.
Re: "than depicted here."
For various reasons (brevity, legal, etc) we kept it to the court document - if you click through to previous coverage, you'll find some more info.
Its built-in Wi-Fi.
Re: anonymous coward
> > We're just telling people what's going to happen.
> But Mrs May did that already. "brexit means brexit".
Sure dude, and here's what 'brexit' means (clue: see article).
"Why is this being reported as if it's a surprise?"
It's only a surprise if it's a surprise to you. We're just telling people what's going to happen.
"the mod queue seems a trifle arbitrary"
Some articles have been marked for hand-moderated comments, most not, eg this one, which is why your comment went through immediately.
Articles and users on manual-moderation mode have to wait for someone to be free to clear the queue; certainly I've seen the queue averaging 10-40 posts.
If you find yourself in the queue, it may be because you posted a correction as a comment, or had a comment recently rejected/removed. That'll put you in the queue for a while.
Re: "my comment took much longer to get approved"
New comment posters are manually moderated at first to make sure they're not spammers. That means comments are in a queue waiting for editors with time between articles to run through.
Scumbag who phoned in a Call of Duty 'swatting' that ended in death pleads guilty to dozens of criminal charges
Re: Cant they tell where the call was placed?
If you click through to the previous article, and pull up the grand jury paperwork*, you'll see it says Barriss "acquired an assigned telephone number from TextNow so it appeared to Wichita emergency personnel (with caller id) that defendant BARRISS was using a telephone with a '316' area code, the area code that includes Wichita, Kansas."
He used a Wichita number. FWIW US area codes are a little loose. Our San Francisco office has (650) phone numbers, which makes ppl think we are in San Mateo.
* it's still here https://regmedia.co.uk/2018/05/24/barrissindictment.pdf
Re: "CinemaSins likes to make fun when movies specify the countries of famous cities."
I know, and it drives me bonkers. Anyway fine - we won't spell out countries quite so much.
"I remember when 'biting the hand that feeds it' referred to a lack of reverence for the IT industry, rather than for the eyeballs that pay the staff's salaries."
I dunno, man. I think you're mistaken. I've been reading the Reg since 1999, and it's always been a bastion of tech eggheads who have no time for tedious pedantic bastards. And it still is.
Re: A note to USAian authors
"don't assume that the rest of the world is confused about which is the world city and which is the obscure USA town."
If we don't say it's UK/England then we get a load of comments and emails complaining that there's a London, Ontario, or London, France.
So thanks to you, we can't win either way. I almost want to wish you, and other tedious pendants, a most unhappy weekend.
Re: "It's now over an hour since you posted that & el Reg still hasn't corrected it."
That's because we have no time to read every comment - email email@example.com if you spot anything wrong so we can get on it fast.
Sorry about the cockup - sadly, these things happen.
Re: It's not a compass.
Nah, we're happy with quantum compass. It pretty much explains why in the article. The eggheads call it a quantum compass. It's not a traditional compass. It's a quantum compass.
Re: Is two really three?
Yes, two. Consumer, and enterprise and commercial.
Re: Del Boy?
Del also wore a sheepskin jacket - and BK isn't a used car salesman, he's selling stuff to other businesses and traders. That makes him more Del than Arthur, you plonker.
Re: Crappy SD != internal flash
Please read the next few words in that paragraph ("Given Apple's enormous purchasing power...")
Yeah sure, it's $50 for you to buy a bog-standard 256GB card. Not disputing that. But we're just not buying that Apple really has to charge several hundred dollars for its NAND without some kind of rude margin.
It's standard Apple. It charges $80 for a wireless mouse, FFS - our office has bought enough of them to know. Official RAM upgrades for Macs at least to be eye-watering. We call it the Cupertino idiot-tax operation for a reason.
The Register translates VMware's VMworld Europe 2018 news into plain English – our free guide for every reader
Re: you missed the REALLY important bit
I auto-tune out 'blockchain'
"there is something truly amazing"
FWIW it is an opinion piece by Andrew.F. Think of it as an antidote to all the hype.
While there is a hell of a lot of nonsense around AI at the moment, there are some interesting, and some rather crap, research projects and products, which we write about on a daily basis.
Re: frank ly
"Did they test the final product with real deepfakes?"
Yes, see the paper. They tested it against DeepFake-generated videos including a fake one of Nic Cage as Harrison Ford from YouTube (fig 6). It correctly pointed out the Nic Cage one as fake.
As the article points out, it's not perfect as it's built from their carefully curated dataset, and needs to be tested against a much wider set of forged videos.
'Pure technical contributions aren’t enough'.... Intel commits to code of conduct for open-source projects
Re: James 47
"the definition of 'being an arse' is entirely subjective"
Well, it's not too subjective - it's about not excluding someone unfairly, and treating each other with civility, etc. I dunno if you've noticed but the laws of the land are also subjective in places.
Where or when does defamation begin? Threatening behavior? Disorderly conduct? Assault? Life isn't black and white; programmers love seeing things in black and white, and, well, there's the rub.