Posts by diodesign

Re: How do we pay for it? THIS.

Cool analysis, thanks. Re: the Reg numbers... we have a staff of ~50 not 150. About 25 staff journos plus ad sales, tech and admin. Our operating costs are about $5-6m.

C.

Re: a b

Well, y'know, we've labelled it as such, it pays the bills for the rest of our journalism. This snark does not come cheap.

C.

Re: Drive-by or not drive-by?

"an attacker and victim have to be associated with the same access point"

For this particular firmware bug, yes. So if you can't get on the same network as the victim, set up a free access point and lure them on. Bingo.

C.

PS: If you spot any errors, email corrections@theregister.co.uk.

Re: BongoJoe

"Where does the owner of the document fit into this process?"

Make sure you don't put Windows 10 into Full telemetry mode.

C.

Re: What I'd say

FYI Brian is a Datrium employee.

C.

Re: Bromium then Cylance

"So Bromium's workforce has been significantly cut down"

We heard a while back that people on the Mac team were cut. If you have any more details, get in touch - news@theregister.com or anonymously via Ricochet - ricochet:m3bnxucau5ishl2h

Cheers,

C.

Re: It might be good, but...

"does not quote sources"

Mate, it's a hands-on review. It's... what our man Kieren thought of it after using it. It's not even a glowing review - we point out all the limitations and caveats as well as the potential benefits.

C.

Re: If you disconnect from the internet...

Your Qs can be answered by reading the linked-to blog post.

1. You have to enable macros or run the macro. If you think this is a major hurdle, you haven't worked with people. The payload runs covertly out of sight. It waits (blocks) until the download is complete - google WebClient.DownloadFile().

2. Yes.

3. margin2601_onechat_word.exe

C.

Re: Shockingly, the numbers were presented without context.

Yeah, now look at the leadership gender/race figures.

C.

Re: Airports

Yeah - that sort of thing, not a supply chain.

C.

Re: Roger B

But today's article wasn't written by Andrew and has little to do with net neutrality. Just seems off topic.

C.

Re: It's fake news folks.

It does look too good to be true, however: The Hollywood Reporter and the New York Observer both say they have been in contact with Lucy, a kid who is learning basic web dev skills in a coding bootcamp, apparently. THR and NYO aren't really the sort of publications to make up quotes separately and independently about the same person. I'll be very disappointed in THR if this turns out to be fake.

Crucially, NYO says it has seen the C&D letter. The WHOIS records also suggest TrumpScratch.com predates kittenfeed.com. I've added a link to the NYO story and some more info about the domains.

If there is a PR viral marketing thing behind this, it's not clear who the beneficiary is - it's a long-winded way of touting a porno website, which we spotted and isn't mentioned in the THR and NYO reports.

One odd thing is that NYO is owned by the family trust of Trump's son-in-law Jared Kushner, also an advisor to the president. You'd have thought that may have put off NYO from running anti-Trump news, but OTOH perhaps the title has proper independence (which is a good thing). It did publicly back Donald as the Republican candidate, though.

Very odd, and a bit of pre-Friday fun. It's not exactly Watergate. Take it with a pinch of salt if you wish.

Update: We've seen the DNS records - the domain was registered on March 22, weeks after "Lucy" claimed to have received the C+D demand so it's pretty much Fakey McFake Fakeface. Sorry. Lessons learned.

C.

Re: Dumb Question

"Virgin Media runs on EE's network"

Bingo.

C.

Re: "Russian Federal Security Service"

Nope – Federal Security Service, from the horse's mouth.

Pedantry – Близо́к локото́к, да не уку́сишь.

C.

Re: I don't know what company Mark Pesce works for, but he should quit.

"What he is talking about, I've worked as an employee and contractor for just over 30 companies. And NONE of those companies is on the same planet as Mark Pesce. I'm an extroverted guy, I like to get in on scuttlebutt, and I've never heard anything like what he is talking about."

I've never had cancer so why are we spending millions and millions tackling it?

C.

Re: Wait...

Yes.

C.

Re: Who can you believe nowadays?

Well, both. Wikipedia is talking about full-year users (170m) and Statista is talking about monthly users (about 50m). If you follow the link in the Wikipedia page, you'll get to a South Korean financial news article that says:

"KakaoTalk ... had 170 million subscribers at the end of last year and 48 million monthly active users (MAU)."

C.

Re: "Oh goodness here come the meatheads..."

Chris is welcome to his opinion.

C.

Re: Question

"Surely hardware needs a driver"

In this case, a generic ACPI driver that accesses the hardware in a uniform and standard way - via ACPI and the ARM server and boot standard (Register passim) - rather than specific Qualcomm and Cavium chipset driver code.

C.

Re: Re: Dear el Reg,

"The Register would focus on the technical details"

There are very few technical details in the WL dump - and we've linked to the most interesting stuff for you to read yourself. There is basically not much of worth in the leak, relative to the hype, which makes us wonder why St Jules went to the trouble of going ballistic over it...

"The CIA is paying contractors to develop zero day vulnerabilities, does not inform the vendors and then the malware leaks"

We've written pages and pages and pages about the IC hoarding vulns. And no malware nor exploits leaked in this WL dump.

C.

Re: Ryzen

I know, I know. I've been really busy, I'm completely stressed out, give me time. I'm at OCP Summit on Wednesday and cleared Thursday to focus on AMD. In the meantime, a colleague in the UK is covering the Zen server chips for this week.

At El Reg, bad news is a priority: crashes, hacks, cockups, scandals and crime come first. And lots of that has been happening.

PS: We're seeking a full-time semiconductor news reporter to take chips off my hands. If you, a friend or anyone else reading thinks they can cover CPUs, GPUs, ucontrollers and ASICs and FPGAs for The Reg, email me: cwilliams at theregister dot com.

C.

Re: No spectrum analyser?

Too easy.

C.

Re: Availability Zones

We didn't mention AZs because S3 doesn't use availability zones. That's for EC2.

C.

Re: Roger B

The comment's back.

C.

Re: You could be a touch more sceptical, please

Um, well, you can use spare cycles to perform ML *inference* to optimize the system. Inference is very cheap. You're probably thinking of training, which is intensive. Modern ARM cores are beefy enough to do inference.

Basically, ideally, you train the system offline to optimize memory allocation, deallocation and organization based on loads of different scenarios (which types of apps are running, for how long, with how much charge, etc), build that model and code into your firmware. Then the phone can make better decisions on how to save power or provide performance, all through cheap inference.

More operating systems should do this. Forget the AI/ML hype, this is useful stuff for letting devices cope with a large range of users and their demands, without an ugly codebase of heuristics, if-elsif, and switch() blocks.

C.

Re: Eddy

Great memory. Well, this time round the paper's been officially published, and we've got more details and quotes - such as the pages most argued over. Enjoy!

C.

Re: Root access

It's not always about root access. You might be able to game the OS to blink the light when you want as a user-mode process. But anyway, it's not about that. It's about getting information out of an infected air-gapped system. In theory. It's literally an academic exercise ;)

C.

Re: Kinda

Nah, I kinda like the word. if you want boring lifeless mechanical prose, VentureBeat is that way ---->

C.

Re: What license is he going for?

MOOSE is GPL 2.1 and the build system (Civet) is Apache 2.0 - both linked in the article.

C.

LINX is lying

We disagree with LINX's incorrect claim that there is no gag clause. There is a clear update to the constitution that means information will be withheld from members if legally necessary. Within the context of the IP Act, that means secrecy orders attached to surveillance demands.

LINX was also obviously, from consultation documents, considering the impact of the IP Act when it was drawing up this constitution tweak. We also ran this article's claims by LINX prior to publication, and the result is the official quote at the end of the story. It is disappointing to see LINX fail to accept the findings and criticism presented by The Register.

Here's the relevant text from the amended constitution highlighted.

C.

Re: This story only got written for the headline

:) We really want to do a podcast or some kind of recording of our headline writing, if only we had time. It's mainly us shouting puns at each other across the office.

C.

Re: "it's not totally giving up"

Yeah, I think our sarcasm was a little too subtle, there.

C.

Re: Hmmm.....

"I haven't heard of a single Trump-based scandal."

I almost rejected this for its sheer stupidity but I'll leave it here for all to see. You're either expertly trolling, or helping to fuel the creeping post-fact neurosis that's threatening to poison the great nation that is America.

There are so many fuck ups, it's hard to know where to begin. Firing his acting AG who turned out to be right. Bannon's bungled Muslim ban. Michael Flynn. The constant lies and completely unsupported assertions, especially about voter fraud. Russia. Nordstrom. The OPSEC comedy performance art at Mar-a-Lago. The crappily written exec orders. The fact that the exec orders on the WH website do not match what was signed. Acting tough on China until it granted him his trademark. Putting Betsy DeVos in charge of education. Having anything to do with Jeff Sessions, let alone making him Attorney General, after he was deemed too racist to be a federal judge in the 1980s. And so on.

You get the picture. It also means I highly, highly doubt anything else you write since you see the world through such a warped lens.

C.

Re: Not right, but not that strange either

Not sure even the UK would stop and search a UK citizen, and seize his phone, for being of vaguely Middle Eastern descent. (See the opening example in the article.)

C.

Re: Not sure how real this is in the UK

It's coming to UK + Europe, gradually.

C.

Re: Diesel Electric

The subs aren't diesel-electric, they use fuel cells. Apologies for any confusion.

C.

Re: TheVogon

Last we heard, which was last week, Intel still didn't have a working firmware fix.

C.

Re: Adam 52

I hate to literally "actually" into a conversation but...

Actually, we went HTTPS well before 2017: experimentally, while we worked in things like ads, layout components, the mobile design, and so on, HTTPS was available, we just didn't hype it before it was ready. If you tweaked the URL from HTTP to HTTPS you would have had a nice surprise. We've been working on encrypted Reg reading for months :) Props to Marco, Tony and the tech team for their work. It takes time because there are so many components to a page, and all need to be served securely.

So in short, if you hit a HTTP link, change it to HTTPS. Gradually, these will all become HTTPS automatically.

C.

Re: Bah!

Sometimes I can't tell if you peeps hate us or love us. I've fixed the copy. Don't forget to email corrections@thereg ah fuck it.

C.

Re: Dave 126

Ha, sorry. Was too busy concentrating on Intel, IBM and other exclusives. Got clumsy on this. It's fixed.

C.

Re: Fake News

It is very true.

C.

Re: Destroy All Monsters

"OTOH, why are we discussing beating laws in Russia as opposed to say, beating laws in Saudi Arabia again?"

See Register passim etc.

C.