Re: It's in China
"Lenovo's commie headquarters is in Beijing"
Whoops – ok, fixed.
C.
3253 publicly visible posts • joined 21 Sep 2011
"50,000 times the mass. What's the diameter?"
The boffins don't say (their paper is here).
However, what we can do is calculate the Schwarzschild radius of the phenomenon, which is 147km.
That means if you take enough material that's 50,000 times the mass of our Sun (9.942175 x 10^34 kg in total) and compress it right down to an object with a radius of 147km, the escape velocity from its surface is the speed of light.
C.
> This sort of reporting ranks alongside such tosh as 'advanced persistent threat' and 'sophisticated cyber-attack'
Bear in mind, I hate those words and usually kill them on sight.
> I read El Reg for their technical accuracy not their ludicrous hyperbole
Why not both? Seriously though, the story has the technical accuracy, and the headline is a headline - have you not noticed that we go a little OTT? ;-) You wanna know the truth? I picked "stunning" because it fitted the space better on the page.
C.
> > In order to register someone as dead a form detailing the cause of mortality needs to be filled out by a doctor within 24 hours of that person's final breath.
> This definitely isn't true in the UK - it can take much longer than that to get an autopsy - but it's not clear from context whether it's talking about Australia or the US.
I've tweaked the sentence. I think the gist was supposed to be that a report of the death must be filed within 24 hours of its discovery (not the cause) at least in the U.S.
Don't forget - if you spot something odd in a story, email corrections@theregister.co.uk so it can be looked at immediately.
C.
"If I really want to read stories based on a series of semi-moronic unfunny tweets linked together with the merest hint of snarky journalism then I can spend all day reading the Evening Standard, The Daily Mail and Metro. I would rather not."
It's August. It's silly season. It's some idiot jumping like a moron on the front cover of a mag. Let us have our fun. Just once. Let us out of the cage, master.
C.
The point it was trying to make is that the software and hardware industries have clamped down over the years on curious-minded people reverse-engineering proprietary products and exchanging information on what they've found.
Obviously 'open' things like the RPi are there to be tinkered with. And if you crack open your no-name ethernet-to-USB printer server you bought for 10 bucks from eBay, and reverse-engineer the firmware, no one is going to know.
But, as the person who leaked the Impero encryption key found, vendors will throw lawyers at you if you go public with proprietary information. It's a tricky subject that can't be summed up in one sentence, so I've killed the line from the article.
C.
> > You keep bitchin' on and on about moderation, which is noise
> Only after (an) immoderate moderator(s) started rejecting my posts.
Thanks for posting comments and adding to the discussion. If something is rejected, just let it go.
> > and you post corrections when you should email corrections@thereg so we can fix them ASAP.
> It's never malicious. Are you sure skins aren't thin?
It's not about that. It's the fact that we don't have time to read every comment, and we do want every story to be accurate. So if you hide corrections in the comments, we may not see it, most readers won't see it, and it's a losing situation. If the correction is spotted, and the story fixed, the comment loses its context and becomes confusing.
It is so much more efficient to email us if you spot something bad. It's like posting a serious bug report in the app store reviews section on a popular app.
> > Many of your posts are allowed through.
> True enough. If you're ever in the SF office, drop me a line. I'll buy you a beer.
Ta. I am always in the SF office.
C.
"Care to comment in public on why many of my posts (over the last year or so that I've been on "the naughty step") have been rejected"
Fine. You keep bitchin' on and on about moderation, which is noise, and you post corrections when you should email corrections@thereg so we can fix them ASAP. Many of your posts are allowed through.
C.
"I think it's worth pointing out that the forums of El Reg are much more civilised, intelligent and readable than most other forums I've seen. I don't know whether it's the vigilance of the moderators or the moderation of the commentards, but the result is good."
Thanks. When a conversation/discussion is flowing, we leave well alone, go for the light touch or only get involved if someone reports a comment.
By weeding out people who are just here to yell abuse at writers and daub e-graffiti on stories, and rejecting early signs of idiocy, we're clearing a space for a witty and knowledgeable bunch of vocal readers.
C.
"the bitching about Windows 10 out of the writers here is getting very old"
Consider it an antidote to the acres of arse-licking in the "tech" "press" over Windows 10.
If you want 100% praise for all things Microsoft, CNN is that way --------->
C.
"Sort yourselves out. You're a mess"
It's an opinion piece - it's the opinion of the writer. We have dozens of writers - some staff, some freelance - and we do disagree with each other.
The Reg is a broad church. Would you prefer us all parrot the same thing, or provide a range of opinion and analysis?
Tedious. Post less.
C.
"OK, El Reg journos, here's a job for you: a table tracking mobile phones and how well they have been tracking Android updates"
We're polling manufacturers this week on their response timings to the Stagefright bugs (there are 7 CVE-listed bugs) and the devices that will be updated – and hope to have something to compare that to, as you suggest.
C.
"your logic is flawed."
You mean, Apple's logic. Look, the matter has gone full disclosure. I can't think of anything more frustrating than an article that says "there's a local root hole in OS X Yosemite. We won't tell you the details, you'll just have to Google it."
Bonkers.
C.
"Congratulations on repeating exploits in detail before they can be fixed"
Apple has fixed it. You just have to upgrade to El Capitan. Don't want to upgrade? No problem, you've been warned and are aware of the risk. There's also a workaround in the story. The exploit has been public knowledge for two weeks – the bad guys already know. You should know too.
"However, the article does not Emphasise that you must first have privileged access through an app."
You've misunderstood. This exploit allows normal software – like a simple tool you've downloaded from the web – to gain root-level access without a password. Without prompting the user for a password. That's bad.
Post less.
C.
"expose such internal structures to do its job?"
They don't. But they all use memory: they use memory to store variables. Variables store information for the running Flash script file. When you're using variables, you're using memory. If you abuse variables by exploiting one of the hidden design flaws in Flash you can change parts of memory that don't contain script variables but do contain information crucial to the operation of Flash. This allows you to change the way Flash works, which eventually leads to the plugin running malicious code.
Flash doesn't expose its non-variable data to the ActionScript programmer. But it has hidden design flaws that people can find and exploit to access non-variable data, and change the way Flash works.
C.
"It's a scripting language, you shouldn't be able to furtle with internal variable details"
You're thinking too high level. JS and AS can both be vulnerable to memory corruption leading to exploitation. You have to exploit a bug to furtle with the vector length value - such as a buffer overflow or use-after-free().
eg, in ActionScript, let's say your plugin's memory looks like this: B = buffer byte, V = vector byte, L is the vector length, and . = empty space. You've got two objects, a buffer and a vector allocated near each other:
BBBB....LVVVV
There's a missing bounds check on the buffer, so you overflow it by writing too much data to it (from your malicious Flash file) and run over the nearby vector. * = the smashed length:
BBBBBBBB*BBVV
So moving the buffer objects well away from the vector objects prevents you from easily overwriting the length value.
Now, you can do this in JavaScript. There are plenty of exploits in the past where a use-after-free() has been exploited to modify memory allocated on the heap.
C.
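The layout from the comment above, modelled in C as an added example (not part of the original post and not Flash's real allocator). The offsets, the 0xFF value and all names are constructed; it contrasts the missing bounds check, the check restored, and the length kept in a separate region.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the comment's layout "BBBB....LVVVV" (not Flash's real heap). */
enum { BUF_CAP = 4, LEN_OFF = 8, VEC_OFF = 9, VEC_CAP = 4, ARENA = 13 };

struct heap { unsigned char shared[ARENA]; unsigned char vec_only[1 + VEC_CAP]; };

static void heap_init(struct heap *h) {
    memset(h->shared, '.', ARENA);
    memset(h->shared, 'B', BUF_CAP);
    h->shared[LEN_OFF] = VEC_CAP;                 /* L: length next to the buffer */
    memset(h->shared + VEC_OFF, 'V', VEC_CAP);
    h->vec_only[0] = VEC_CAP;                     /* L: length in a separate region */
    memset(h->vec_only + 1, 'V', VEC_CAP);
}

/* Write n bytes into the 4-byte buffer. With check=0 the bounds check is missing;
   the clamp to ARENA only keeps this demo itself within its own array. */
static int buf_write(struct heap *h, const unsigned char *src, size_t n, int check) {
    if (check && n > BUF_CAP) return -1;          /* the missing bounds check */
    if (n > ARENA) n = ARENA;
    memcpy(h->shared, src, n);
    return 0;
}

/* Run one write of n bytes and report the vector length afterwards.
   separated=1 reads the length kept away from the buffer (the mitigation). */
static int length_after_write(size_t n, int check, int separated) {
    struct heap h;
    unsigned char payload[ARENA];
    heap_init(&h);
    memset(payload, 'B', sizeof payload);
    payload[LEN_OFF] = 0xFF;                      /* '*': value landing on L */
    buf_write(&h, payload, n, check);
    return separated ? h.vec_only[0] : h.shared[LEN_OFF];
}

int main(void) {
    printf("adjacent, unchecked, 11 bytes: length = %d\n", length_after_write(11, 0, 0));
    printf("adjacent, checked,   11 bytes: length = %d\n", length_after_write(11, 1, 0));
    printf("separated, unchecked, 11 bytes: length = %d\n", length_after_write(11, 0, 1));
    return 0;
}
```

An 8-byte write stops just short of the length byte; the ninth byte is the one that lands on it.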
If you have Chrome: Open Settings -> click on Advance Settings -> click on the Content settings button -> scroll to the Plugins section -> Select "Let me choose when to run plugin content" -> click on Done -> Close the tab and restart the browser just to make sure.
If you have Firefox: follow these instructions.
All other browsers: reconsider your life choices.
C.
Rox! That's a good choice. Basically, there are so many Linux desktop environments to choose from, I think Scott did a grand job recommending the best for most people. Millions of people read The Register, everyone's going to have an opinion :-)
I've always been an evilwm-level user, personally.
C.
This is, indeed, an homage to the Liverpool Echo's headline (later used by the Sun). We've pointed that out the last time we did a Super Cali heady.
As for the rhythm of the headline: yes, we did sing it out loud, and yes, it is missing a syllable. However, we felt it worked better with a pause to skip the missing beat rather than squeeze in a boring word like 'terms' that would have changed "is something" to "are something" and ruined everything.
Headlines. A serious business.
C.
"Please say Autumn."
We're a UK-owned company, but our writers and editors are Americans. Fall means autumn, and autumn means the Fall.
Let's all work to get along, huh?
(PS: US readers > UK readers in the latest monthly stats. Sorry, Brits. We're trying our best with bonkers boffins headlines.)
C.