Posts by diodesign

3253 publicly visible posts • joined 21 Sep 2011

CAUGHT: Lenovo crams unremovable crapware into Windows laptops – by hiding it in the BIOS

diodesign (Written by Reg staff) Silver badge

Re: It's in China

"Lenovo's commie headquarters is in Beijing"

Whoops – ok, fixed.

C.

Doubts cast on Islamic State's so-called leak of US .mil, .gov passwords

diodesign (Written by Reg staff) Silver badge

Re: President Password

"That's exactly the kind of password I'd expect."

We are quite cynical. Even so, if you can get away with "david9" on a .mil or .gov account then we're all completely, oh what's the technical term? AH yes, completely fucked.

C.

Put it away: Dwarf's 'supermassive' marvel is actually smallest thing boffins have ever seen

diodesign (Written by Reg staff) Silver badge

Re: moiety

"50,000 times the mass. What's the diameter?"

The boffins don't say (their paper is here).

However, what we can do is calculate the Schwarzschild radius of the phenomenon, which is 147km.

That means if you take enough material that's 50,000 times the mass of our Sun (9.942175 x 10^34 kg in total) and compress it right down to an object with a radius of 147km, the escape velocity from its surface is the speed of light.

C.

'WOMAN FOUND ON MARS' – now obvious men are from Venus

diodesign (Written by Reg staff) Silver badge

Re: mediabeing's boffinry breakthrough

"We're seeing the ghost of a lady Martian waiting for a long gone mass conveyance."

Get the President on the phone - stat.

C.

Another day, another stunning security flaw in Android – this time hitting 55% of mobes

diodesign (Written by Reg staff) Silver badge

Re: Get a grip

> This sort of reporting ranks alongside such tosh as 'advanced persistent threat' and 'sophisticated cyber-attack'

Bear in mind, I hate those words and usually kill them on sight.

> I read El Reg for their technical accuracy not their ludicrous hyperbole

Why not both? Seriously though, the story has the technical accuracy, and the headline is a headline - have you not noticed that we go a little OTT? ;-) You wanna know the truth? I picked "stunning" because it fitted the space better on the page.

C.

It's incredibly easy to bump someone off online, and here's how to do it – infosec bod

diodesign (Written by Reg staff) Silver badge

Re: Clarifications requested

> > In order to register someone as dead a form detailing the cause of mortality needs to be filled out by a doctor within 24 hours of that person's final breath.

> This definitely isn't true in the UK - it can take much longer than that to get an autopsy - but it's not clear from context whether it's talking about Australia or the US.

I've tweaked the sentence. I think the gist was supposed to be that a report of the death must be filed within 24 hours of its discovery (not the cause) at least in the U.S.

Don't forget - if you spot something odd in a story, email corrections@theregister.co.uk so it can be looked at immediately.

C.

Another death in Apple's 'Mordor' – its Foxconn Chinese assembly plant

diodesign (Written by Reg staff) Silver badge

Re: "employees aren't statistics"

"Errr, yes they are"

Heartless. Reevaluate your life.

C.

Moronic Time cover sets back virtual reality another 12 months

diodesign (Written by Reg staff) Silver badge

Re: Please no more stories like this...

"If I really want to read stories based on a series of semi-moronic unfunny tweets linked together with the merest hint of snarky journalism then I can spend all day reading the Evening Standard, The Daily Mail and Metro. I would rather not."

It's August. It's silly season. It's some idiot jumping like a moron on the front cover of a mag. Let us have our fun. Just once. Let us out of the cage, master.

C.

Vision? Execution? Sadly, omission and confusion rule Gartner's virty quadrant

diodesign (Written by Reg staff) Silver badge

Re: anonymous

"Do you Nutanix have their own Hypervisor?"

Yes. See Register passim.

C.

IT security staff have a job for life – possibly a grim, frustrating life

diodesign (Written by Reg staff) Silver badge

Re: Re: Must be late

The point it was trying to make is that the software and hardware industries have clamped down over the years on curious-minded people reverse-engineering proprietary products and exchanging information on what they've found.

Obviously 'open' things like the RPi are there to be tinkered with. And if you crack open your no-name ethernet-to-USB printer server you bought for 10 bucks from eBay, and reverse-engineer the firmware, no one is going to know.

But, as the person who leaked the Impero encryption key found, vendors will throw lawyers at you if you go public with proprietary information. It's a tricky subject that can't be summed up in one sentence, so I've killed the line from the article.

C.

Duncan Campbell: GCHQ and me and a roomful of Reg readers

diodesign (Written by Reg staff) Silver badge

Re: Flash! AAAAHHRRGrrrrggggggggggggrrrrrrr....... It's inexcusable!

See the link in the comments or at the end of the article for a HTML5 vid link.

C.

diodesign (Written by Reg staff) Silver badge

Re: also on The Register's own youtube channel

Thanks, Matt. I've added a link to the story.

C.

Why does it take 8 hours for my posts to be approved?

diodesign (Written by Reg staff) Silver badge

Re: Re: @ diodesign (was: Comparison)

> > You keep bitchin' on and on about moderation, which is noise

> Only after (an) immoderate moderator(s) started rejecting my posts.

Thanks for posting comments and adding to the discussion. If something is rejected, just let it go.

> > and you post corrections when you should email corrections@thereg so we can fix them ASAP.

> It's never malicious. Are you sure skins aren't thin?

It's not about that. It's the fact that we don't have time to read every comment, and we do want every story to be accurate. So if you hide corrections in the comments, we may not see it, most readers won't see it, and it's a losing situation. If the correction is spotted, and the story fixed, the comment loses its context and becomes confusing.

It is so much more efficient to email us if you spot something bad. It's like posting a serious bug report in the app store reviews section on a popular app.

> > Many of your posts are allowed through.

> True enough. If you're ever in the SF office, drop me a line. I'll buy you a beer.

Ta. I am always in the SF office.

C.

diodesign (Written by Reg staff) Silver badge

Re: Re: @ diodesign (was: Comparison)

"Care to comment in public on why many of my posts (over the last year or so that I've been on "the naughty step") have been rejected"

Fine. You keep bitchin' on and on about moderation, which is noise, and you post corrections when you should email corrections@thereg so we can fix them ASAP. Many of your posts are allowed through.

C.

diodesign (Written by Reg staff) Silver badge

Re: @ diodesign (was: Re: Comparison)

"why do ElReg's moderators have such a thin skin?"

Surprise! We don't.

C.

diodesign (Written by Reg staff) Silver badge

Re: Comparison

"I think it's worth pointing out that the forums of El Reg are much more civilised, intelligent and readable than most other forums I've seen. I don't know whether it's the vigilance of the moderators or the moderation of the commentards, but the result is good."

Thanks. When a conversation/discussion is flowing, we leave well alone, go for the light touch or only get involved if someone reports a comment.

By weeding out people who are just here to yell abuse at writers and daub e-graffiti on stories, and rejecting early signs of idiocy, we're clearing a space for a witty and knowledgeable bunch of vocal readers.

C.

No, Microsoft: Your one-billion Windows 10 goal is just sad ... really sad

diodesign (Written by Reg staff) Silver badge

Re: Re: Goodness.

"the bitching about Windows 10 out of the writers here is getting very old"

Consider it an antidote to the acres of arse-licking in the "tech" "press" over Windows 10.

If you want 100% praise for all things Microsoft, CNN is that way --------->

C.

diodesign (Written by Reg staff) Silver badge

Re: Goodness.

"Sort yourselves out. You're a mess"

It's an opinion piece - it's the opinion of the writer. We have dozens of writers - some staff, some freelance - and we do disagree with each other.

The Reg is a broad church. Would you prefer us all parrot the same thing, or provide a range of opinion and analysis?

Tedious. Post less.

C.

Edge out rivals? No! Firefox boss BLASTS Microsoft's Windows 10 browser brouhaha

diodesign (Written by Reg staff) Silver badge

Re: wilburworld

"Apple does the same..."

...is heard so often these days. Doesn't mean it doesn't suck.

C.

NetApp sees IBM/Cisco VersaStack as 'huge' threat to FlexPod

diodesign (Written by Reg staff) Silver badge

Re: rkenson

Funniest post all week. A+

C.

Windows 10 in head-on crash with Nvidia drivers as world watches launch

diodesign (Written by Reg staff) Silver badge

Re: Mountain out of a molehill much?

"One restart was all it took to fix the issue for me"

After Microsoft finally fixed the problem via Windows Update.

C.

Moto fires BROADSIDE into the flagship phone's waterline with X Play and Style

diodesign (Written by Reg staff) Silver badge

Re: Re: Interesting..

"OK, El Reg journos, here's a job for you: a table tracking mobile phones and how well they have been tracking Android updates"

We're polling manufacturers this week on their response timings to the Stagefright bugs (there are 7 CVE-listed bugs) and the devices that will be updated – and hope to have something to compare that to, as you suggest.

C.

Want longer battery life? Avoid the New York Times and The Grauniad

diodesign (Written by Reg staff) Silver badge

Re: and the same tests done with

Lower readings?

(PS: The guy has Flash blocked by default.)

C.

Get root on an OS X 10.10 Mac: The exploit is so trivial it fits in a tweet

diodesign (Written by Reg staff) Silver badge

Re: Re: Congratulations on repeating exploits before they can be fixed

"your logic is flawed."

You mean, Apple's logic. Look, the matter has gone full disclosure. I can't think of anything more frustrating than an article that says "there's a local root hole in OS X Yosemite. We won't tell you the details, you'll just have to Google it."

Bonkers.

C.

diodesign (Written by Reg staff) Silver badge

Re: Congratulations on repeating exploits before they can be fixed

"Congratulations on repeating exploits in detail before they can be fixed"

Apple has fixed it. You just have to upgrade to El Capitan. Don't want to upgrade? No problem, you've been warned and are aware of the risk. There's also a workaround in the story. The exploit has been public knowledge for two weeks – the bad guys already know. You should know too.

"However, the article does not Emphasise that you must first have privileged access through an app."

You've misunderstood. This exploit allows normal software – like a simple tool you've downloaded from the web – to gain root-level access without a password. Without prompting the user for a password. That's bad.

Post less.

C.

Robot surgeons kill 144 patients, hurt 1,391, malfunction 8,061 times

diodesign (Written by Reg staff) Silver badge

Re: How does it compare to human-only surgery?

Comparing the error rate to human surgeons did cross our minds. It would be good to compare, we're still trying to get a number, it's non-trivial.

Edit: Added a bootnote.

C.

TITSUP: Apple Music, App Stores, iCloud, iTunes, Radio, iBooks

diodesign (Written by Reg staff) Silver badge

Re: Total Inability To Provide Usual Purchases

Yeah, I fucked up.

C.

Ashley Madison hack: Site for people who can't be trusted can't be trusted

diodesign (Written by Reg staff) Silver badge

Re: anonymous

"Could the author of the article of the article"

That's easy for you to say.

C.

Google, Adobe barricade Flash against hacker hordes – we peek inside

diodesign (Written by Reg staff) Silver badge

Re: Halt or crash

"Did you mean halt"

I honestly haven't had a chance to check. I expect the plugin to hit exit() as soon as it detects an inconsistency in its memory. It cannot remain running – another thread could be running shellcode.

C.

diodesign (Written by Reg staff) Silver badge

Re: Re: Have we just proven that Flash is a pile of crap yet again?

"expose such internal structures to do its job?"

They don't. But they all use memory: they use memory to store variables. Variables store information for the running Flash script file. When you're using variables, you're using memory. If you abuse variables by exploiting one of the hidden design flaws in Flash you can change parts of memory that don't contain script variables but do contain information crucial to the operation of Flash. This allows you to change the way Flash works, which eventually leads to the plugin running malicious code.

Flash doesn't expose its non-variable data to the ActionScript programmer. But it has hidden design flaws that people can find and exploit to access non-variable data, and change the way Flash works.

C.

diodesign (Written by Reg staff) Silver badge

Re: Have we just proven that Flash is a pile of crap yet again?

"It's a scripting language, you shouldn't be able to furtle with internal variable details"

You're thinking too high level. JS and AS can both be vulnerable to memory corruption leading to exploitation. You have to exploit a bug to furtle with the vector length value - such as a buffer overflow or use-after-free().

E.g., in ActionScript, let's say your plugin's memory looks like this: B = buffer byte, V = vector byte, L is the vector length, and . = empty space. You've got two objects, a buffer and a vector allocated near each other:

BBBB....LVVVV

There's a missing bounds check on the buffer, so you overflow it by writing too much data to it (from your malicious Flash file) and run over the nearby vector. * = the smashed length:

BBBBBBBB*BBVV

So moving the buffer objects well away from the vector objects prevents you from easily overwriting the length value.

Now, you can do this in JavaScript. There are plenty of exploits in the past where a use-after-free() has been exploited to modify memory allocated on the heap.

C.
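
The layout in the comment above, modelled as an added example that is not part of the original post or of Flash's code: the same 11-byte overflow is run once with the buffer and vector sharing a heap and once with vectors in their own arena. The arena size, offsets, function names and the cookie-based check byte are assumptions made for the illustration; the check byte stands in for the "detects an inconsistency in its memory" behaviour mentioned in the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 32
#define BUF_OFF 0       /* BBBB occupies offsets 0..3 */
#define VEC_OFF 8       /* L at offset 8, as in BBBB....LVVVV */
#define COOKIE  0xA5u   /* constructed secret for the length check (assumption) */

/* Simulated heap region; the demo never writes outside mem[]. */
typedef struct { uint8_t mem[ARENA_SIZE]; } arena_t;

/* Header layout assumed here: length byte, check byte, then the data. */
static void vec_init(arena_t *a, uint8_t len) {
    a->mem[VEC_OFF] = len;
    a->mem[VEC_OFF + 1] = (uint8_t)(len ^ COOKIE);
    memset(&a->mem[VEC_OFF + 2], 'V', len);
}

/* The bug being modelled: n is never compared with the 4-byte buffer size. */
static void buffer_write_unchecked(arena_t *a, const uint8_t *src, size_t n) {
    if (n > ARENA_SIZE - BUF_OFF) n = ARENA_SIZE - BUF_OFF; /* clamp to arena only */
    memcpy(&a->mem[BUF_OFF], src, n);
}

/* 1 = header consistent, 0 = corrupted: the point at which to stop running. */
static int vec_length_ok(const arena_t *a) {
    return (uint8_t)(a->mem[VEC_OFF] ^ COOKIE) == a->mem[VEC_OFF + 1];
}

/* Runs the same 11-byte overflow; partitioned != 0 puts vectors in their own arena. */
uint8_t length_after_overflow(int partitioned, int *consistent) {
    arena_t buffers, vectors;
    uint8_t payload[11];
    memset(&buffers, 0, sizeof buffers);
    memset(&vectors, 0, sizeof vectors);
    memset(payload, 'B', sizeof payload);
    arena_t *vec_home = partitioned ? &vectors : &buffers;
    vec_init(vec_home, 4);
    buffer_write_unchecked(&buffers, payload, sizeof payload);
    *consistent = vec_length_ok(vec_home);
    return vec_home->mem[VEC_OFF];
}

int main(void) {
    int ok;
    uint8_t len = length_after_overflow(0, &ok);
    printf("shared heap:      length=%u consistent=%d\n", (unsigned)len, ok);
    len = length_after_overflow(1, &ok);
    printf("partitioned heap: length=%u consistent=%d\n", (unsigned)len, ok);
    return 0;
}
```

In the shared layout the length byte ends up as 'B' and the check fails; in the partitioned layout the length stays 4 and the header remains consistent.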

Seagate wins HP as ClusterStor array reseller, bolts on IBM Spectrum Scale

diodesign (Written by Reg staff) Silver badge

Re: Post a comment link missing on several articles.

A thing broke. Articles are restored. I'm reanimating the comments sections now.

C.

Pan Am Games: Link to our website without permission and we'll sue

diodesign (Written by Reg staff) Silver badge

Re: What happens next

"Ticket sales go through the roof"

'cos everyone's jumping on a plane to Toronto?

C.

Attention dunderheads: Taxpayers are NOT giving businesses £93bn

diodesign (Written by Reg staff) Silver badge

Re: The majority of UK Tax burden is not being paid by companies...

"When are you going to do an article on how much tax normal working people pay"

Tim's covered this. See Reg passim.

C.

Flash HOLED AGAIN TWICE below waterline in fresh Hacking Team reveals

diodesign (Written by Reg staff) Silver badge

Re: Enable click to play?

If you have Chrome: Open Settings -> click on Advance Settings -> click on the Content settings button -> scroll to the Plugins section -> Select "Let me choose when to run plugin content" -> click on Done -> Close the tab and restart the browser just to make sure.

If you have Firefox: follow these instructions.

All other browsers: reconsider your life choices.

C.

Uber to drivers: You make a ton of dosh for us – but that doesn't make you employees

diodesign (Written by Reg staff) Silver badge

Re: Wrong subtitle Reg

We've already done that one! See Reg passim.

C.

Five lightweight Linux desktop worlds for extreme open-sourcers

diodesign Silver badge

Re: Another minimalist here

Rox! That's a good choice. Basically, there are so many Linux desktop environments to choose from, I think Scott did a grand job recommending the best for most people. Millions of people read The Register, everyone's going to have an opinion :-)

I've always been an evilwm-level user, personally.

C.

Trebles all round: The BBC's won this licence fee showdown

diodesign (Written by Reg staff) Silver badge

Re: Public service remit

"Another anti-BBC polemic from Mr. Orlowski."

No one is forcing you to agree with Andrew.

C.

US OPM boss quits after hackers stole chapter and verse on 21.5m Americans' lives

diodesign (Written by Reg staff) Silver badge

Re: error in title...

Well, no. There's an overlap in the original 4 million whose SSNs and addresses and stuff like that were leaked, and the 21.5 million is the background checks and similar information. Two different databases. Same group of people. It's all a bit of a mess, really.

C.

The bucks stop here: NYSE freezes trading, blames 'technical issue'

diodesign (Written by Reg staff) Silver badge

Re: Gremlins?

I think they were referring to the effect the Chinese stock market crashgasm may have on Wall St.

C.

We tried using Windows 10 for real work and ... oh, the horror

diodesign (Written by Reg staff) Silver badge

Re: Re: Sorry but I think this review is RUBBISH

It's possible for people to have different opinions, yes.

C.

Leap second bug?

diodesign (Written by Reg staff) Silver badge

Re: Leap second bug?

It's a coincidence. We are in the middle of moving away from our old provider (Rackspace) to a new CDN. The next lot of changes are due to take place on Sunday. Hopefully by Monday things will have settled down.

C.

Even Apple doesn’t mess with Taylor Swift

diodesign (Written by Reg staff) Silver badge

Re: Streaming is no different than....

"And thanks Andrew for finally using a reasonable picture of Taylor Swift."

You can thank the back bench for that. Swift holding an apple? Perfect.

C.

Super Cali goes ballistic – Uber says it's bogus (even though its contract is something quite atrocious)

diodesign (Written by Reg staff) Silver badge

Re: frank ly

This is, indeed, an homage to the Liverpool Echo's headline (later used by the Sun). We've pointed that out the last time we did a Super Cali heady.

As for the rhythm of the headline: yes, we did sing it out loud, and yes, it is missing a syllable. However, we felt it worked better with a pause to skip the missing beat rather than squeeze in a boring word like 'terms' that would have changed "is something" to "are something" and ruined everything.

Headlines. A serious business.

C.

Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X

diodesign (Written by Reg staff) Silver badge

Re: Come on...

Apple PR thinks that if they ignore us, we'll go away. They are wrong.

C.

It's curtains for you, copper: IBM boffins push the LIGHT FANTASTIC

diodesign (Written by Reg staff) Silver badge

Re: Tweets??

Since now.

C.

Facebook ditches HTML mobe future in favour of Zuck-style JavaScript

diodesign (Written by Reg staff) Silver badge

Re: Java != JavaScript

Argh, it has been fixed.

C.

Everything Apple touted at WWDC – step inside our no-hype-zone™

diodesign (Written by Reg staff) Silver badge

Re: The Fall

"Please say Autumn."

We're a UK-owned company, but our writers and editors are Americans. Fall means autumn, and autumn means the Fall.

Let's all work to get along, huh?

(PS: US readers > UK readers in the latest monthly stats. Sorry, Brits. We're trying our best with bonkers boffins headlines.)

C.

FLYING SAUCER crashes into Pacific off Hawaii - NASA

diodesign (Written by Reg staff) Silver badge

Re: Er...

I took the rest of the day off after that.

(So blame all further typos on me.)

C.