Re: How do we pay for it? THIS.
Cool analysis, thanks. Re: the Reg numbers... we have a staff of ~50 not 150. About 25 staff journos plus ad sales, tech and admin. Our operating costs are about $5-6m.
C.
3261 publicly visible posts • joined 21 Sep 2011
"an attacker and victim have to be associated with the same access point"
For this particular firmware bug, yes. So if you can't get on the same network as the victim, set up a free access point and lure them on. Bingo.
C.
PS: If you spot any errors, email corrections@theregister.co.uk.
Your Qs can be answered by reading the linked-to blog post.
1. You have to enable macros or run the macro. If you think this is a major hurdle, you haven't worked with people. The payload runs covertly out of sight. It waits (blocks) until the download is complete - google WebClient.DownloadFile().
2. Yes.
3. margin2601_onechat_word.exe
C.
It does look too good to be true, however: The Hollywood Reporter and the New York Observer both say they have been in contact with Lucy, a kid who is learning basic web dev skills in a coding bootcamp, apparently. THR and NYO aren't really the sort of publications to make up quotes separately and independently about the same person. I'll be very disappointed in THR if this turns out to be fake.
Crucially, NYO says it has seen the C&D letter. The WHOIS records also suggest TrumpScratch.com predates kittenfeed.com. I've added a link to the NYO story and some more info about the domains.
If there is a PR viral marketing thing behind this, it's not clear who the beneficiary is - it's a long-winded way of touting a porno website, which we spotted and isn't mentioned in the THR and NYO reports.
One odd thing is that NYO is owned by the family trust of Trump's son-in-law Jared Kushner, also an advisor to the president. You'd have thought that may have put off NYO from running anti-Trump news, but OTOH perhaps the title has proper independence (which is a good thing). It did publicly back Donald as the Republican candidate, though.
Very odd, and a bit of pre-Friday fun. It's not exactly Watergate. Take it with a pinch of salt if you wish.
Update: We've seen the DNS records - the domain was registered on March 22, weeks after "Lucy" claimed to have received the C+D demand so it's pretty much Fakey McFake Fakeface. Sorry. Lessons learned.
C.
Nope – Federal Security Service, from the horse's mouth.
Pedantry – The elbow is close, but you can't bite it.
C.
"What he is talking about, I've worked as an employee and contractor for just over 30 companies. And NONE of those companies is on the same planet as Mark Pesce. I'm an extroverted guy, I like to get in on scuttlebutt, and I've never heard anything like what he is talking about."
I've never had cancer so why are we spending millions and millions tackling it?
C.
Well, both. Wikipedia is talking about full-year users (170m) and Statista is talking about monthly users (about 50m). If you follow the link in the Wikipedia page, you'll get to a South Korean financial news article that says:
"KakaoTalk ... had 170 million subscribers at the end of last year and 48 million monthly active users (MAU)."
C.
"Surely hardware needs a driver"
In this case, a generic ACPI driver that accesses the hardware in a uniform and standard way - via ACPI and the ARM server and boot standard (Register passim) - rather than specific Qualcomm and Cavium chipset driver code.
C.
"The Register would focus on the technical details"
There are very few technical details in the WL dump - and we've linked to the most interesting stuff for you to read yourself. There is basically not much of worth in the leak, relative to the hype, which makes us wonder why St Jules went to the trouble of going ballistic over it...
"The CIA is paying contractors to develop zero day vulnerabilities, does not inform the vendors and then the malware leaks"
We've written pages and pages and pages about the IC hoarding vulns. And no malware nor exploits leaked in this WL dump.
C.
I know, I know. I've been really busy, I'm completely stressed out, give me time. I'm at OCP Summit on Wednesday and cleared Thursday to focus on AMD. In the meantime, a colleague in the UK is covering the Zen server chips for this week.
At El Reg, bad news is a priority: crashes, hacks, cockups, scandals and crime come first. And lots of that has been happening.
PS: We're seeking a full-time semiconductor news reporter to take chips off my hands. If you, a friend or anyone else reading thinks they can cover CPUs, GPUs, ucontrollers and ASICs and FPGAs for The Reg, email me: cwilliams at theregister dot com.
C.
Well, I'm sad you don't believe me, but it's the truth. I wrote about Zen last year. When Ryzen was announced at the end of 2016, all that was revealed was the name, and then later on, the on-sale date was announced, and tomorrow it's coming out.
At El Reg, we don't really do the whole trickle-feed of hype. I'd rather wait for the thing to arrive and do one decent story on it rather than act as an external marketing wing for AMD.
We've written about Hololens and the S8 and so on, but we also wrote about and mentioned Zen last year - in August, September, April, and October. Where I've written about Hololens, it was either in passing about Windows 10 or was an exclusive on the headset's DSP chipset.
I can tell you're a massive fan of AMD, and I'm pleased for you. But I'm not going to act as the advertising wing of a multibillion-dollar corp, especially when other sites are tripping over themselves to say nice things about the CPU.
C.
Um, well, you can use spare cycles to perform ML *inference* to optimize the system. Inference is very cheap. You're probably thinking of training, which is intensive. Modern ARM cores are beefy enough to do inference.
Basically, ideally, you train the system offline to optimize memory allocation, deallocation and organization based on loads of different scenarios (which types of apps are running, for how long, with how much charge, etc), build that model and code into your firmware. Then the phone can make better decisions on how to save power or provide performance, all through cheap inference.
More operating systems should do this. Forget the AI/ML hype, this is useful stuff for letting devices cope with a large range of users and their demands, without an ugly codebase of heuristics, if-elsif, and switch() blocks.
C.
We disagree with LINX's incorrect claim that there is no gag clause. There is a clear update to the constitution that means information will be withheld from members if legally necessary. Within the context of the IP Act, that means secrecy orders attached to surveillance demands.
LINX was also obviously, from consultation documents, considering the impact of the IP Act when it was drawing up this constitution tweak. We also ran this article's claims by LINX prior to publication, and the result is the official quote at the end of the story. It is disappointing to see LINX fail to accept the findings and criticism presented by The Register.
Here's the relevant text from the amended constitution highlighted.
C.
"I haven't heard of a single Trump-based scandal."
I almost rejected this for its sheer stupidity but I'll leave it here for all to see. You're either expertly trolling, or helping to fuel the creeping post-fact neurosis that's threatening to poison the great nation that is America.
There are so many fuck ups, it's hard to know where to begin. Firing his acting AG who turned out to be right. Bannon's bungled Muslim ban. Michael Flynn. The constant lies and completely unsupported assertions, especially about voter fraud. Russia. Nordstrom. The OPSEC comedy performance art at Mar-a-Lago. The crappily written exec orders. The fact that the exec orders on the WH website do not match what was signed. Acting tough on China until it granted him his trademark. Putting Betsy DeVos in charge of education. Having anything to do with Jeff Sessions, let alone making him Attorney General, after he was deemed too racist to be a federal judge in the 1980s. And so on.
You get the picture. It also means I highly, highly doubt anything else you write since you see the world through such a warped lens.
C.
I hate to literally "actually" into a conversation but...
Actually, we went HTTPS well before 2017: experimentally, while we worked in things like ads, layout components, the mobile design, and so on, HTTPS was available, we just didn't hype it before it was ready. If you tweaked the URL from HTTP to HTTPS you would have had a nice surprise. We've been working on encrypted Reg reading for months :) Props to Marco, Tony and the tech team for their work. It takes time because there are so many components to a page, and all need to be served securely.
So in short, if you hit a HTTP link, change it to HTTPS. Gradually, these will all become HTTPS automatically.
C.
IGNORE ADAM. HTTPS HERE :D
C.
"OTOH, why are we discussing beating laws in Russia as opposed to say, beating laws in Saudi Arabia again?"
See Register passim etc.
C.