* Posts by diodesign

3253 publicly visible posts • joined 21 Sep 2011

If you want to make your own chip and aren't Microsoft rich, who do you turn to?

diodesign (Written by Reg staff) Silver badge

Re: How do they compare?

There are some others. Eg,

MOSIS – this takes the same multiple-designs-per-wafer approach and works with TSMC, Intel, and GF. These have been around for ages.

Europractice is another broker for access to foundries

IC Alps often pops up

Minimal Fab Nederland is gauging interest

There is a choice. If there's an interest in low-volume chip making, we'll explore the area more and speak to others. I dream of having the time and budget to design and make a simple vulture chip for an article series.

C.

Even complex AI models are failing 5th grade science

diodesign (Written by Reg staff) Silver badge

Re: Interpreter please

5th grade is 10-11 years old.

C.

CafePress fined for covering up 2019 customer info leak

diodesign (Written by Reg staff) Silver badge

What's $500k to CafePress?

As an aside, CafePress's quarterly revenue was $15m in 2018, on which it made a $1.5m loss. That year it was acquired and taken private by Snapfish for $25m, got hacked in 2019, and was sold to PlanetArt in 2020.

Those are the final financial figures we have for it.

C.

Intel to spend €17bn on chip mega-factory in Germany

diodesign (Written by Reg staff) Silver badge

'the wrong metaphor'

We can kinda use words how we want around here. Call 911 if you don't like it.

C.

diodesign (Written by Reg staff) Silver badge

Writing

FWIW though Agam is a US citizen writing in the US, he didn't do the headline. I did, and I'm a British citizen in the US.

Whenever we publish in US time, we try to use US spelling. In fact, we're gradually moving to all US spelling to make the site consistent.

C.

diodesign (Written by Reg staff) Silver badge

How big?

Uuuuuuuuuge. The biggested and bestest possible.

C.

Another data-leaking Spectre bug found, smashes Intel, Arm defenses

diodesign (Written by Reg staff) Silver badge

'ended up'

Well yeah, that's why we used the words "ended up," as in: one way or another, they put performance before security.

It could have been intentional, it could have been accidental. I've heard anecdotally in the Valley that some CPU designers had an inkling that speculative execution left a trace in the cache that could be used to leak data but thought it was either theoretical or not worth worrying about.

C.

Chip world's major suppliers of neon gas shut down by Ukraine invasion – report

diodesign (Written by Reg staff) Silver badge

Get in the f***ing robot, Shinji

I'm glad someone got it.

C.

If you want to connect GPUs direct to SSDs for a speed boost, this could be it

diodesign (Written by Reg staff) Silver badge

Just check out the paper

It's just an interesting way to get threads on GPU cores to talk direct to NVMe SSDs to get the data they need in a fine-grained, software-cached manner that specifically suits the access patterns of GPU-bound applications.

Yeah it involves DMA and all that. It's not claiming to have reinvented or come up with DMA; it's an application of it specific to GPU workloads.

C.

Google introduces new Cloud infrastructure pricing

diodesign (Written by Reg staff) Silver badge

Timing

The 'X hours' string is generated using client-side JavaScript running in your browser.

The webpage contains the exact time and date, and the code on the page converts that into 'X hours ago' based on the local time of your device. So the time on your device was out.

To me, it says your comment was posted an hour ago.

C.

SPEC mulls benchmarks for ML processing performance

diodesign (Written by Reg staff) Silver badge

IDC figures

I think the point is that it's too early to know exactly how much was spent in 2021, so IDC is guesstimating right now.

C.

Developer adoption is our priority, profits second, Cloudflare tells bankers

diodesign (Written by Reg staff) Silver badge

'deleting my post'

FWIW your now-deleted previous post made what looked like a baseless accusation of criminal activity so a moderator removed it.

Also FWIW Cloudflare's pretty open about the position it takes: it doesn't want to decide what's right or wrong on the internet. It doesn't want to be the arbiter of what is allowed to be hosted. Eg:

Cloudflare: We dumped Daily Stormer not because they're Nazis but because they said we love Nazis

Cloudflare speaks out amid allegations it safeguards banned terror gangs' websites

If you report spam or malware-based abuse to Cloudflare, feel free to CC us in (news@theregister.com) and we'll take a look at the same time.

C.

VMware offers hardware compatibility list for home labs

diodesign (Written by Reg staff) Silver badge

Just a stock image

It's just a generic pic to indicate someone tinkering with kit at home. I've changed the pic.

C.

Microsoft patches critical remote-code-exec hole in Exchange Server and others

diodesign (Written by Reg staff) Silver badge

Re: HEVC "data" files contain executable code?

No, they're not supposed to contain arbitrary code.

What happens with these kinds of bugs is that there is a payload of instructions carefully placed within the multimedia file that is otherwise just data. When the file is parsed, the vulnerability in the parser is exploited to allow the payload to eventually execute.

There are steps in between to get around the OS's security defenses.

C.

Linux distros patch 'Dirty Pipe' make-me-root kernel bug

diodesign (Written by Reg staff) Silver badge

Re: Linux Bias?

"How big would the article be for a Windows vuln that let any fucker get admin privileges?"

For a Windows vuln for which patches are already out? Typically a few sentences: there are EoP holes in every Windows Patch Tuesday.

If we write a whole article about an EoP it's usually because a patch isn't out yet (it's a zero day) or it's being actively exploited or that the bug is particularly interesting, or that someone on the team was at a loose end and had enough time and material to write a whole article.

"C'mon El reg, there was a time when you weren't afraid to put the boot into ANY OS, even Linux. Are you really that frightened of a load of pissy comments?"

No. We often assign stories based on how much time and scribes we've got available. For Dirty Pipe, we wanted to get it out as soon as possible as the next lead item on the weekly roundup.

In fact think of it as a Dirty Pipe story with bonus material, as the DP section is quite a lot more than a couple of paragraphs.

We'll look at the Android angle next (it's also mentioned in the article).

Good news is that we've hired two writers this month to cover security, so expect more security stories sooner rather than later.

"Step the fuck up."

Sigh, why this angry?

C.

diodesign (Written by Reg staff) Silver badge

Re: Example

If you overwrite an entry in /etc/passwd so that the password field is blank, no password is needed. (If there's an x, use the shadow file.)

So, just blank out root's password entry with the DirtyPipe overwrite and everyone can get root.

PS: Another example would be to pick a root-owned setuid binary and overwrite it so that it simply spawns a root shell, and then restore the binary to normal.

C.
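
A defender's check for the tampering described in the comment above, as an added example that is not part of the original post: it parses passwd-format text and flags entries whose password field is blank or holds anything other than the `x` shadow marker. It goes slightly beyond the comment by also flagging non-root accounts with UID 0 and malformed lines; the sample input, the `Finding` type and the function name are constructed for illustration.

```python
# Added example: audit passwd-format text for tampered password fields.
from dataclasses import dataclass

# Constructed sample input (not taken from a real system).
SAMPLE_PASSWD = """\
root::0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:$6$constructedsalt$constructedhash:34:34:backup:/var/backups:/bin/sh
svc:x:0:0:service:/home/svc:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
games:*:5:60:games:/usr/games:/usr/sbin/nologin
broken line without enough fields
"""

# Field values starting with these mean "password login disabled".
LOCKED_MARKERS = ("*", "!")


@dataclass(frozen=True)
class Finding:
    line_no: int
    user: str
    issue: str


def audit_passwd(text):
    """Return a list of Finding objects for suspicious passwd entries."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            # A partial overwrite can leave a line with the wrong field count.
            findings.append(Finding(line_no, fields[0], "malformed"))
            continue
        user, pw, uid = fields[0], fields[1], fields[2]
        if pw == "":
            # Blank field: the account needs no password at all.
            findings.append(Finding(line_no, user, "empty-password"))
        elif pw != "x" and not pw.startswith(LOCKED_MARKERS):
            # Anything else is a hash kept in passwd, bypassing the shadow file.
            findings.append(Finding(line_no, user, "hash-in-passwd"))
        if uid == "0" and user != "root":
            findings.append(Finding(line_no, user, "extra-uid0"))
    return findings


if __name__ == "__main__":
    for f in audit_passwd(SAMPLE_PASSWD):
        print(f"line {f.line_no}: {f.user}: {f.issue}")
```

To audit a live system, pass the contents of `/etc/passwd` to `audit_passwd` instead of the sample string.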

Here's why prolonged Russia-Ukraine war would be really bad for us, say chip designers

diodesign (Written by Reg staff) Silver badge

Confused

How do you mean?

C.

The time we came up with a solution – and found a big customer problem

diodesign (Written by Reg staff) Silver badge

Patch level

The sidebar was there right from the start for those who needed an intro to MPLS.

C.

Study: AI detects backdoor-unlocking DNA samples

diodesign (Written by Reg staff) Silver badge

Hype

FWIW there is no commercial project linked to this or anything like that, from what I can tell, so there's no snake oil to sell here.

It's an interesting attack vector that we thought we'd write about. We'll stay away from more theoretical attacks in future.

C.

diodesign (Written by Reg staff) Silver badge

'If the lab already is already infected with a trojan'

I guess the point of this is that - a la SolarWinds - you modify some popular software in a supply chain attack, and the code is deployed all over the world.

In order to target specific labs, you get them to process a sample with an IP address and port in it so you know which lab you're breaking into.

It's very theoretical, we thought it was interesting, and we think readers will understand the threat. We'll keep the feedback in mind for future.

C.

diodesign (Written by Reg staff) Silver badge

Re: AI triggered backdoor

Ah yeah, they are closely related.

The DNA issue is encoding hidden messages in perfectly valid data, and having an AI spot that; and the trigger detection is identifying when a model is seemingly deliberately misbehaving on special inputs.

One involves undoing steganography in input data, and the other sensing that a model has a secret trigger.

C.

AI-designed drug to treat deadly disease now tested on humans

diodesign (Written by Reg staff) Silver badge

Re: Proof reading

Yeah, we missed out a word. It's fixed. Email corrections@theregister.com if you spot a typo, please.

FWIW we prioritize being accurate and technical. If you spot a typo in a story – like a missing word or wrong tense, or something – it's because whoever was writing or editing the piece had their mind on something more important, or was on a deadline.

C.

Google's Chrome OS Flex could revive old PCs, Macs

diodesign (Written by Reg staff) Silver badge

+1 ChromeOS

My wife only ever used her Windows laptop with Chrome and things that could run in Chrome. So I got her a decent Chrome laptop. Updates regularly. Just runs Chrome.

Much less hassle than having to fix a Windows Vista / 10 / 11 laptop. FWIW I use Fedora on my personal systems and Debian on work systems.

C.

Massive cyberattack takes Ukraine military, big bank websites offline

diodesign (Written by Reg staff) Silver badge

Defacement

Yeah, noted.

C.

Russian 'Minecraft bomb plot' teen jailed for five years

diodesign (Written by Reg staff) Silver badge

Charges etc

We've added to the piece more info on what the teens were convicted of. The media has focused on the FSB building bit because it's kinda amusing and also, the boys went and did something to the actual building.

They were also charged with making and planning to test their homemade explosives in empty buildings, using Pringles cans as containers.

C.

Tesla to disable 'self-driving' feature that allowed vehicles to roll past stop signs at junctions

diodesign (Written by Reg staff) Silver badge

Re: Not a "bug"

Yeah, yeah, it's a feature. We saw it as a bug - as in, software operating as we wouldn't expect it to - but it is technically a feature so we've fixed up the article accordingly.

C.

Intel fails to get Spectre, Meltdown chip flaw class-action super-suit tossed out

diodesign (Written by Reg staff) Silver badge

Re: Defective?

IMHO it's possible to argue that Meltdown was a defect because Intel trivially broke one or more of the data security guarantees it gave in its documentation (IIRC, it's been a while so ICBW).

Spectre's a bit different IMHO because while it could be exploited to leak data, it was more like discerning info through instrumentation.

Whereas, Meltdown was as simple as placing a load after a branch instruction and seeing if the load was speculatively executed even if the branch was taken. And it was found that the speculative load occurred before security checks were performed, allowing one to figure out the content of memory that would have been trapped if read directly.

AIUI the chap who found Meltdown - a Googler straight out of uni - read the Intel soft dev manual, saw the part that said if a branch is taken, the CPU won't execute the instructions that follow immediately after the branch, and thought, 'yeah but I wonder if it does?'

Meltdown to me looked trivial to exploit, just a straight up bug in the design of the pipeline. Spectre looked more nuanced: a side effect of other optimizations.

As I said, ICBW.

C.

Nvidia reportedly prepares for un-Arm'd combat with rivals: $40bn takeover may be abandoned

diodesign (Written by Reg staff) Silver badge

Re: Nvidia Disarmed?

Thanks. Just a bit busy with other things right now and didn't want to hold up the article while trying to think of something clever.

To reveal what's behind the curtain, we were having a debate over whether Nvidia's statement was a denial or not. We decided it wasn't a denial – it was Nv putting on the best spin it could publicly – and that was what drove the headline, getting that right, not making a pun.

When -- sorry, if -- the deal collapses we'll do Nvidia loses Arm's race or something like that.

I might have to steal disarmed for something like RISC-V or x86 diss-Arms for the next round of benchmark claims.

C.

Joint European Torus celebrates 100,000 pulses: Neither Brexit nor middle age has stopped '80s era experiment

diodesign (Written by Reg staff) Silver badge

Wrong materials

Hi -- thanks. We got our materials mixed up, and it's now fixed. Don't forget to email corrections@theregister.com if you spot anything wrong, please.

C.

UKCloud acquired: Public sector specialist finally bags investment from current chair and private equity after reporting steep losses

diodesign (Written by Reg staff) Silver badge

Re: Choosing not to report

Hi -- What we meant to say was that we didn't report on the rumors at the time because we didn't want to cause harm with unverified tip offs. If we're gonna say an organization is about to collapse, we want to be really sure of it.

We never shy from reporting on something just because it might end in bad publicity. For that reason, I've taken out the paragraph.

C.

For those worried about Microsoft's Pluton TPM chip: Lenovo won't even switch it on by default in latest ThinkPads

diodesign (Written by Reg staff) Silver badge

Re: Mitigates against bugs like Spectre and Meltdown??

No, what we (and Microsoft) mean is: tightly coupling the coprocessor to the CPU cores within the same package makes it harder for someone to sniff the communications.

It might be possible to do that with a side-channel attack, but really it's about stopping physical bus snooping.

C.

Robotic arm on China's space station does a demo, swings out 20 degrees and back while holding cargo ship

diodesign (Written by Reg staff) Silver badge

Re: Lifting in space

Yeah, yeah, you know what we mean: it's fixed.

C.

Fugitive mafioso evaded cops for two decades until he was spotted on Google Street View

diodesign (Written by Reg staff) Silver badge

Re: Fugitive mafiosi evaded cops for two decades

Thanks - it's fixed. Don't forget to email corrections@ if you spot an issue please so we can fix it right away.

C.

IntelliJ IDEA plugin catches lazy copy-pasted Java source

diodesign (Written by Reg staff) Silver badge

Plugin's goal

Actually, the plugin is pretty simple: it checks to see if there is cut'n'pasted code in a file from other parts of the project (or maybe even just the same file).

If that happens, it's generally a sign of poor programming, so it may suggest you refactor (try again). I've tweaked the headlines to reflect this.

C.

Google joins others in Big Tech: Get vaccinated – or you're fired

diodesign (Written by Reg staff) Silver badge

Not all beds are the same

Not all hospital beds are the same: different wards, different levels of care, etc. I don't even have to assume that figure you gave is correct.

The point is: hospitals are at near capacity -- around 95% in the UK this week – and a surge in COVID-19 cases will push them over the edge, and people will be denied or given limited care. That's why we vaccinate: so we don't clog up the health system, and put others in danger, with a mostly solved problem.

"The NHS was put on a crisis footing as hospitals in England were told to discharge as many patients as possible while estimated daily Omicron cases hit 200,000 and the variant claimed its first life in the UK." (Source)

"Hotels are being turned into temporary care facilities staffed with workers flown in from Spain and Greece to relieve rising pressure on NHS hospital beds." (Source)

C.

diodesign (Written by Reg staff) Silver badge

'booster vaccines multiple times per year'

Keep on movin' those goal posts.

In fact, keep on moving them all the way out the door, down the street, over the road, across the bridge, all the way into a pharmacy or a doctor's office, all the way over to the uncomfortable chair where you can sit down and get a jab and move on.

C.

diodesign (Written by Reg staff) Silver badge

'no jab, no job'

Oh no.

Well, you can always work where there isn't a requirement. Or wait a few years for it to hopefully die down. Smoking is banned everywhere. I see no difference.

C.

diodesign (Written by Reg staff) Silver badge

'we shouldn't stigmatize the unvaccinate'

Or we absolutely should. It would be idiotic to not vaccinate for measles or chickenpox, or the flu... what makes COVID-19 so special?

C.

diodesign (Written by Reg staff) Silver badge

'not very effective at preventing infection and transmission'

Personally speaking, I don't care how spreadable it is if it's been reduced, through vaccination or mutation, to literally nothing more than a bad cold -- no long-term effects, no risk of death.

I can put up with a cold.

"COVID case rates among the fully vaccinated are now higher than those in the unvaccinated"

I don't know what point you're trying to make here but if it's what I think it is, you're off base. The same report you quote says: "Comparing case rates among vaccinated and unvaccinated populations should not be used to estimate vaccine effectiveness against COVID-19 infection."

C.

Apple quietly deletes details of derided CSAM scanning tech from its Child Safety page without explanation

diodesign (Written by Reg staff) Silver badge

Spin it up

Well, they didn't comment to us when we asked. I've added an update. No explanation for the quiet disappearance of the text. Classic Apple.

Never explain, never apologize.

C.

CompSci boffins claim they can recreate missing lines in log files

diodesign (Written by Reg staff) Silver badge

Re: Example?

I've added an infographic and a link to a summary of the study by one of the universities. It basically, to me, works by figuring out what data from various sources is needed to create a log's entries, and then automating the process of generating missing entries from that data.

C.

Popular password manager LastPass to be spun out from LogMeIn

diodesign (Written by Reg staff) Silver badge

Re: Log4j version 2.15 vulnerable to CVE-2021-45046

Yeah, we're just about to run an update on it.

C.

Is VPOTUS Bluetooth-phobic or sensible? The answer's pretty clear

diodesign (Written by Reg staff) Silver badge

Nuclear football

I think everyone who reads The Reg knows what the nuclear football is in the context of the vice president of the United States of America. It's been referenced on TV, and in movies, articles, and books.

It's like we don't have to explain what the FBI is. Everyone's seen the X Files.

C.

UK Home Secretary delays Autonomy founder extradition decision to mid-December

diodesign (Written by Reg staff) Silver badge

Re: This is bonkers!

FWIW as explained in the side bar, HPE is suing Lynch in England, at the High Court, and US prosecutors also want him in the States on criminal fraud charges.

He's got a lot on his plate.

C.

Rust dust-up as entire moderation team resigns. Why? They won't really say

diodesign (Written by Reg staff) Silver badge

No one really knows publicly

We also asked on Twitter and no one seemed to know.

C.

Alleged Brit SIM-swapper will kill himself if extradited to US for trial, London court told

diodesign (Written by Reg staff) Silver badge

"My previous comment on this thread was modded"

Yeah we switch on manual moderation for sensitive court cases that make our legal ppl jumpy.

C.

There's no Huawei back now: Biden signs law that forbids US buyers acquiring kit on naughty list

diodesign (Written by Reg staff) Silver badge

"You can't mix Present Perfect with Past Simple in the same clause"

Yeah it's an error that happens when a sentence is partially edited and the rest is left unchanged, accidentally.

It's a process oversight rather than a misunderstanding of the language. Don't forget to hit the corrections link or email corrections@ if you spot something wrong.

C.

Apple is beginning to undo decades of Intel, x86 dominance in PC market

diodesign (Written by Reg staff) Silver badge

Analysts

We'll have to agree to disagree: we've found Dean to be pretty reliable and there's no hype or over-hype to what he's said.

C.

Earth's wobbly companion is probably the result of a lunar impact, reckon space boffins

diodesign (Written by Reg staff) Silver badge

To clarify:

The MOID is 5.2 million km, and for those of us who aren't astronomers, in practical terms, the closest the rock and Earth get is 14.5 million km.

C.

Let us give thanks that this November, Microsoft has given us just 55 security fixes, two of which are for actively exploited flaws

diodesign (Written by Reg staff) Silver badge

Re: And they still haven't fixed network printing

Thanks -- now noted in the piece, and we'll keep it on our radar.

C.