• The top story of the day is The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies. (Bloomberg)
  
  The story is that a tiny chip - smaller than a grain of rice - was added to certain SuperMicro motherboards, used by companies including Apple and Amazon and various US government departments, that would subvert the security of the BMC module (a sort of remote control for servers) and allow hackers arbitrary remote access.
  
  The story has been corroborated by official statements from Apple and Amazon.
  
  No, wait, not corroborated, what's the other one? Excoriated.
  
  They did everything but declare Bloomberg anathema and launch a holy war, and I wouldn't be all that surprised if that happens tomorrow.
  
  Apple

  Over the course of the past year, Bloomberg has contacted us multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident at Apple. Each time, we have conducted rigorous internal investigations based on their inquiries and each time we have found absolutely no evidence to support any of them. We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg’s story relating to Apple.
  
  On this we can be very clear: Apple has never found malicious chips, "hardware manipulations” or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.

  Amazon

  Today, Bloomberg BusinessWeek published a story claiming that AWS was aware of modified hardware or malicious chips in SuperMicro motherboards in Elemental Media’s hardware at the time Amazon acquired Elemental in 2015, and that Amazon was aware of modified hardware or chips in AWS’s China Region.
  
  As we shared with Bloomberg BusinessWeek multiple times over the last couple months, this is untrue. At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government.
  
  There are so many inaccuracies in ‎this article as it relates to Amazon that they’re hard to count. We will name only a few of them here. First, when Amazon was considering acquiring Elemental, we did a lot of due diligence with our own security team, and also commissioned a single external security company to do a security assessment for us as well. That report did not identify any issues with modified chips or hardware. As is typical with most of these audits, it offered some recommended areas to remediate, and we fixed all critical issues before the acquisition closed. This was the sole external security report commissioned. Bloomberg has admittedly never seen our commissioned security report nor any other (and refused to share any details of any purported other report with us).

  So far there is no independent verification of any of Bloomberg's claims. All their sources are anonymous, and none have spoken to any other news outlet.
  
  There's basically two ways this can go: Either two of the world's largest companies just invited regulators and class-action lawyers to tapdance on their heads, or Bloomberg just proved once again that those layers and layers of fact-checkers are less use than a fishnet umbrella on the Moon.
  
  Serve the Home is dubious and adds this:

  First and foremost, I think we need to call for an immediate SEC investigation around anyone who has recently taken short positions or sold shares in Supermicro. With the accompanying Supermicro stock price hit that was foreseeable prior to the story, if anyone knew the story would be published, and acted on that non-public or classified information, the SEC needs to take action. There seems to have been over 20 people that knew about this.

  
  This article by the grugq [seriously] delves deeper.  His conclusion: BMC is an active threat in itself, but the Bloomberg story fails in achieving even basic standards of verification.
  
  My take on all this - provisional, pending actual evidence - is that Bloomberg got played.  And they got played because they are morons.
  
  No-one interested in getting a security story out would take it to Bloomberg - they are completely and utterly incompetent to evaluate such claims, or even to research the story.
  
  Any actual security researcher would have a field day with this.  Any skilled security researcher would have it blown wide open inside a week.  Bloomberg took three years to report on it, and at the end, they still have nothing to show but anonymous hearsay.
  
  Who perpetrated the hoax, and for what reasons, is an open question, and we may see hints based on which three letter agency shows up to ask pointed questions of the idiots at Bloomberg.
  
  As a side note: Any tech journalist who is still reporting this as "well sourced" is not to be trusted about anything, not even reading press releases verbatim.
  
  
• Nokia is making phones again. (AnandTech)
  
  More than that, they seem to be making really good phones.

• Spain just made jokes illegal. (TechDirt)
  
  
• France just made the truth illegal. (TechDirt)
  
  
• Facebook's staff are mindless twatwaffles. (Axios)
  
  
• A team of left-wing scholars who still retain intellectual integrity planted a series of fake articles in peer-reviewed academic journals - including a study of rape culture in dogs and a hastily-edited chapter from Mein Kampf.
  
  They only managed to trick feminist and post-modernist journals, not serious sociology journals, but even so they were only found out when Twitter account @RealPeerReview, which is dedicated to puncturing pseudo-intellectual puffery, started digging into the dog rape article and uncovered the skeletons in the closet.

Posted by: Rick C at Saturday, October 06 2018 12:35 AM (Q/JG2)

Hide Comments | Add Comment

• In an unexpected outbreak of sanity, 802.11ax has been renamed Wi-Fi 6.  (AnandTech)
  
  802.11ac and 802.11n are retroactively now Wi-Fi 5 and 4 respectively.
  
  There are some other specialised forms of 802.11, but for mainstream users you just need to know that higher numbers are better.
  
  
• Amazon has a new version of the Fire TV Stick, supporting 4K at 60Hz, Dolby Vision and Atmos, and HDR.  (AnandTech)
  
  And Wi-Fi 5.
  
  Fifty bucks.
  
  
• AMD will talk about 7nm CPUs and GPUs in a CES keynote in January.  (Tom's Hardware)
  
  Not clear whether there will be any product announcements or just an overview, but samples are already in the hands of major customers.
  
  
• Cloudera and Hortonworks are merging to form a single $5.2 billion company.  (TechCrunch)
  
  Which is one of those things that is either big news to you or means absolutely nothing.
  
  
• Japan has issued draft guidelines regarding experimental gene-editing of human embryos.  (Nature)
  
  Catgirls.
  
  
• LG's V40 phone has five cameras - one at the front, three at the rear, and one to see into parallel universes where you're better looking and have shaved recently.  (Hot Hardware)
  
  
• CRM platform Zoho was recently taken offline for hours by their domain registrar over supposed phishing scams.
  
  Turns out there is something to that, though not by Zoho itself.  (Bleeping Computer)
  
  
• DigitalOcean has Kubernetes but is in treatment and should be better soon.

• Wired has posted an article - and I use the term advisedly - titled Brett Kavanaugh and the Information Terrorists Trying to Reshape America.  (Wired)
  
  The piece is pure propaganda.  The author, one Molly McKew, describes herself as a "narrative architect" - i.e. propagandist - and lists her previous work for Georgian president Mikheil Saakashvili, who fled his country ahead of a corruption prosecution and is in hiding in Ukraine, and Moldovan prime minister Vlad Filat, who wasn't quick enough and was jailed for 9 years after being convicted on corruption charges in 2016.
  
  This Medium post completely dissects McKew's chequered history.

Posted by: muon at Wednesday, October 10 2018 09:44 PM (vMYTH)

Posted by: muon at Wednesday, October 10 2018 09:46 PM (vMYTH)

Posted by: Pixy Misa at Thursday, October 11 2018 12:04 AM (PiXy!)

Hide Comments | Add Comment

• Microsoft releases their new Surface lineup. (AnandTech)
  
  They have new CPUs, and are now available in a choice of colours: Grey or black.
  
  And that's it. HP needn't have worried.
  
  
• Microsoft also released the Windows 10 October update. (PCPer)
  
  It has... Something. Probably. Exciting stuff from Microsoft.
  
  
• Microsoft also announced headphones. (Tom's Hardware)
  
  They cost $349 and are headphones.
  
  Microsoft are really hitting it out of the plate today.
  
  
• Wait - Microsoft also updated the Surface Studio. (TechCrunch)
  
  While still ferociously expensive, it at least has decent specs, with a quad-core i7 CPU and GTX 1060 or 1070 graphics, and a 1TB or 2TB SSD replacing the absurd laptop hard disk of the original.
  
  

• Sweden bans memes. (TechDirt)
  
  
• Someone apparently tried to assassinate President Trump, Secretary of Defense James Mattis, and Admiral John Richardson, chief of Naval Operations. (CNBC)
  
  Meanwhile, Twitter is arguing about whether it matters that someone threw ice at someone in a bar thirty-five years ago.
  

  "This letter makes it clear that not only was it a part of their life, and a regular part of their life, but it was a core a part of their life and something they did to excess." - NYT's David Enrich, who helped break the story of Kavanaugh's 'obnoxious drunks' letter pic.twitter.com/CfYRn8kYVL

  — CNN Tonight (@CNNTonight) October 3, 2018

Posted by: The Brickmuppet at Thursday, October 04 2018 12:07 PM (3bBAK)

Posted by: Pixy Misa at Thursday, October 04 2018 03:55 PM (PiXy!)

Hide Comments | Add Comment

• I really need to deploy that new editor with its auto-save feature.
  
  
• HP announced their Spectre Folio, a leather-wrapped convertible laptop like the Spectre x2 only extra leathery.  (AnandTech)
  
  It's hamstrung by a 5W CPU (the x2 has a 15W part).  I'm guessing it's fanless and silent and has great battery life, but the x2 can actually do stuff.
  
  Microsoft is launching new Surface hardware in the next few hours, so this is HP trying to grab some news in front of that event.  Good luck with that; they make great hardware but their marketing department needs to be fired en masse:

  "Have you sniffed your PC recently?" Wolff asked. "Other than a whiff of ozone, they generally really don't have a smell, there is no memory associated with them. It's pretty cold. We wanted something that offered more than that, and that was our mission."

    (ZDNet)
  
  Really, HP, you just needed to note that it has separate PgUp/PgDn/Home/End keys and I'd be sold.  (Thurrott.com)
  
  It does look good, I must admit.
  
  
• Chrome 69 sucks.  I've had more problems with it than the last 50 release combined.  Guess they were too busy mangling URLs to wrangle bugs.
  
  
• Houston we have a problem with our robot brothel.  (ZDNet)
  

• France may have just banned Twitter  (TechDirt)
  
  Smartest thing France has done since...  Wait, I'm thinking...

• The DOJ is suing California over their new net neutrality legislation.  (TechCrunch)
  
  I wasn't comfortable with the federal government regulating net neutrality, and for exactly the same reasons I'm not comfortable with the federal government preventing the states from regulating net neutrality. 
  
  More knowledgeable observers than I are citing Wickard v. Filburn as the constitutional basis for this.  I was aware of that decision but didn't know it by name.  It essentially rules that intrastate commerce is interstate commerce because if you are engaging in intrastate commerce you have removed yourself from the totality of interstate commerce which means that you are altering the scope of interstate commerce and can be regulated by the federal government under the Commerce Clause EVEN IF YOU NEVER ENGAGED IN COMMERCE IN THE FIRST PLACE because it would have impacted price stabilisation programs which as a libertarian-leaning Australian strikes me as fucking insane.
  
  So a single farmer from Ohio growing wheat to feed his own animals in 1938 could decide the fate of the entire internet.
  

• molten is a minimal, extensible, fast and productive framework for building HTTP APIs with Python.
  
  [Looks at code samples.]
  
  You've turned Python into Ruby.  That's amazing.  I'm not even mad.

  
  
  

Posted by: Rick C at Tuesday, October 02 2018 04:00 AM (Q/JG2)

Posted by: Rick C at Tuesday, October 02 2018 04:02 AM (Q/JG2)

Posted by: Pixy Misa at Tuesday, October 02 2018 04:25 AM (PiXy!)

Posted by: The Brickmuppet at Tuesday, October 02 2018 04:36 AM (3bBAK)

Posted by: Rick C at Tuesday, October 02 2018 09:14 AM (Iwkd4)

Hide Comments | Add Comment