• The top story of the day is The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies. (Bloomberg)
  
  The story is that a tiny chip - smaller than a grain of rice - was added to certain SuperMicro motherboards, used by companies including Apple and Amazon and various US government departments, that would subvert the security of the BMC module (a sort of remote control for servers) and allow hackers arbitrary remote access.
  
  The story has been corroborated by official statements from Apple and Amazon.
  
  No, wait, not corroborated, what's the other one? Excoriated.
  
  They did everything but declare Bloomberg anathema and launch a holy war, and I wouldn't be all that surprised if that happens tomorrow.
  
  Apple

  Over the course of the past year, Bloomberg has contacted us multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident at Apple. Each time, we have conducted rigorous internal investigations based on their inquiries and each time we have found absolutely no evidence to support any of them. We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg’s story relating to Apple.
  
  On this we can be very clear: Apple has never found malicious chips, "hardware manipulations” or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.

  Amazon

  Today, Bloomberg BusinessWeek published a story claiming that AWS was aware of modified hardware or malicious chips in SuperMicro motherboards in Elemental Media’s hardware at the time Amazon acquired Elemental in 2015, and that Amazon was aware of modified hardware or chips in AWS’s China Region.
  
  As we shared with Bloomberg BusinessWeek multiple times over the last couple months, this is untrue. At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government.
  
  There are so many inaccuracies in ‎this article as it relates to Amazon that they’re hard to count. We will name only a few of them here. First, when Amazon was considering acquiring Elemental, we did a lot of due diligence with our own security team, and also commissioned a single external security company to do a security assessment for us as well. That report did not identify any issues with modified chips or hardware. As is typical with most of these audits, it offered some recommended areas to remediate, and we fixed all critical issues before the acquisition closed. This was the sole external security report commissioned. Bloomberg has admittedly never seen our commissioned security report nor any other (and refused to share any details of any purported other report with us).

  So far there is no independent verification of any of Bloomberg's claims. All their sources are anonymous, and none have spoken to any other news outlet.
  
  There's basically two ways this can go: Either two of the world's largest companies just invited regulators and class-action lawyers to tapdance on their heads, or Bloomberg just proved once again that those layers and layers of fact-checkers are less use than a fishnet umbrella on the Moon.
  
  Serve the Home is dubious and adds this:

  First and foremost, I think we need to call for an immediate SEC investigation around anyone who has recently taken short positions or sold shares in Supermicro. With the accompanying Supermicro stock price hit that was foreseeable prior to the story, if anyone knew the story would be published, and acted on that non-public or classified information, the SEC needs to take action. There seems to have been over 20 people that knew about this.

  
  This article by the grugq [seriously] delves deeper.  His conclusion: BMC is an active threat in itself, but the Bloomberg story fails in achieving even basic standards of verification.
  
  My take on all this - provisional, pending actual evidence - is that Bloomberg got played.  And they got played because they are morons.
  
  No-one interested in getting a security story out would take it to Bloomberg - they are completely and utterly incompetent to evaluate such claims, or even to research the story.
  
  Any actual security researcher would have a field day with this.  Any skilled security researcher would have it blown wide open inside a week.  Bloomberg took three years to report on it, and at the end, they still have nothing to show but anonymous hearsay.
  
  Who perpetrated the hoax, and for what reasons, is an open question, and we may see hints based on which three letter agency shows up to ask pointed questions of the idiots at Bloomberg.
  
  As a side note: Any tech journalist who is still reporting this as "well sourced" is not to be trusted about anything, not even reading press releases verbatim.
  
  
• Nokia is making phones again. (AnandTech)
  
  More than that, they seem to be making really good phones.

• Spain just made jokes illegal. (TechDirt)
  
  
• France just made the truth illegal. (TechDirt)
  
  
• Facebook's staff are mindless twatwaffles. (Axios)
  
  
• A team of left-wing scholars who still retain intellectual integrity planted a series of fake articles in peer-reviewed academic journals - including a study of rape culture in dogs and a hastily-edited chapter from Mein Kampf.
  
  They only managed to trick feminist and post-modernist journals, not serious sociology journals, but even so they were only found out when Twitter account @RealPeerReview, which is dedicated to puncturing pseudo-intellectual puffery, started digging into the dog rape article and uncovered the skeletons in the closet.

Posted by: Rick C at Saturday, October 06 2018 12:35 AM (Q/JG2)

Hide Comments | Add Comment

• In an unexpected outbreak of sanity, 802.11ax has been renamed Wi-Fi 6.  (AnandTech)
  
  802.11ac and 802.11n are retroactively now Wi-Fi 5 and 4 respectively.
  
  There are some other specialised forms of 802.11, but for mainstream users you just need to know that higher numbers are better.
  
  
• Amazon has a new version of the Fire TV Stick, supporting 4K at 60Hz, Dolby Vision and Atmos, and HDR.  (AnandTech)
  
  And Wi-Fi 5.
  
  Fifty bucks.
  
  
• AMD will talk about 7nm CPUs and GPUs in a CES keynote in January.  (Tom's Hardware)
  
  Not clear whether there will be any product announcements or just an overview, but samples are already in the hands of major customers.
  
  
• Cloudera and Hortonworks are merging to form a single $5.2 billion company.  (TechCrunch)
  
  Which is one of those things that is either big news to you or means absolutely nothing.
  
  
• Japan has issued draft guidelines regarding experimental gene-editing of human embryos.  (Nature)
  
  Catgirls.
  
  
• LG's V40 phone has five cameras - one at the front, three at the rear, and one to see into parallel universes where you're better looking and have shaved recently.  (Hot Hardware)
  
  
• CRM platform Zoho was recently taken offline for hours by their domain registrar over supposed phishing scams.
  
  Turns out there is something to that, though not by Zoho itself.  (Bleeping Computer)
  
  
• DigitalOcean has Kubernetes but is in treatment and should be better soon.

• Wired has posted an article - and I use the term advisedly - titled Brett Kavanaugh and the Information Terrorists Trying to Reshape America.  (Wired)
  
  The piece is pure propaganda.  The author, one Molly McKew, describes herself as a "narrative architect" - i.e. propagandist - and lists her previous work for Georgian president Mikheil Saakashvili, who fled his country ahead of a corruption prosecution and is in hiding in Ukraine, and Moldovan prime minister Vlad Filat, who wasn't quick enough and was jailed for 9 years after being convicted on corruption charges in 2016.
  
  This Medium post completely dissects McKew's chequered history.

Posted by: muon at Wednesday, October 10 2018 09:44 PM (vMYTH)

Posted by: muon at Wednesday, October 10 2018 09:46 PM (vMYTH)

Posted by: Pixy Misa at Thursday, October 11 2018 12:04 AM (PiXy!)

Hide Comments | Add Comment

• Microsoft releases their new Surface lineup. (AnandTech)
  
  They have new CPUs, and are now available in a choice of colours: Grey or black.
  
  And that's it. HP needn't have worried.
  
  
• Microsoft also released the Windows 10 October update. (PCPer)
  
  It has... Something. Probably. Exciting stuff from Microsoft.
  
  
• Microsoft also announced headphones. (Tom's Hardware)
  
  They cost $349 and are headphones.
  
  Microsoft are really hitting it out of the plate today.
  
  
• Wait - Microsoft also updated the Surface Studio. (TechCrunch)
  
  While still ferociously expensive, it at least has decent specs, with a quad-core i7 CPU and GTX 1060 or 1070 graphics, and a 1TB or 2TB SSD replacing the absurd laptop hard disk of the original.
  
  

• Sweden bans memes. (TechDirt)
  
  
• Someone apparently tried to assassinate President Trump, Secretary of Defense James Mattis, and Admiral John Richardson, chief of Naval Operations. (CNBC)
  
  Meanwhile, Twitter is arguing about whether it matters that someone threw ice at someone in a bar thirty-five years ago.
  

  "This letter makes it clear that not only was it a part of their life, and a regular part of their life, but it was a core a part of their life and something they did to excess." - NYT's David Enrich, who helped break the story of Kavanaugh's 'obnoxious drunks' letter pic.twitter.com/CfYRn8kYVL

  — CNN Tonight (@CNNTonight) October 3, 2018

Posted by: The Brickmuppet at Thursday, October 04 2018 12:07 PM (3bBAK)

Posted by: Pixy Misa at Thursday, October 04 2018 03:55 PM (PiXy!)

Hide Comments | Add Comment

• I really need to deploy that new editor with its auto-save feature.
  
  
• HP announced their Spectre Folio, a leather-wrapped convertible laptop like the Spectre x2 only extra leathery.  (AnandTech)
  
  It's hamstrung by a 5W CPU (the x2 has a 15W part).  I'm guessing it's fanless and silent and has great battery life, but the x2 can actually do stuff.
  
  Microsoft is launching new Surface hardware in the next few hours, so this is HP trying to grab some news in front of that event.  Good luck with that; they make great hardware but their marketing department needs to be fired en masse:

  "Have you sniffed your PC recently?" Wolff asked. "Other than a whiff of ozone, they generally really don't have a smell, there is no memory associated with them. It's pretty cold. We wanted something that offered more than that, and that was our mission."

    (ZDNet)
  
  Really, HP, you just needed to note that it has separate PgUp/PgDn/Home/End keys and I'd be sold.  (Thurrott.com)
  
  It does look good, I must admit.
  
  
• Chrome 69 sucks.  I've had more problems with it than the last 50 release combined.  Guess they were too busy mangling URLs to wrangle bugs.
  
  
• Houston we have a problem with our robot brothel.  (ZDNet)
  

• France may have just banned Twitter  (TechDirt)
  
  Smartest thing France has done since...  Wait, I'm thinking...

• The DOJ is suing California over their new net neutrality legislation.  (TechCrunch)
  
  I wasn't comfortable with the federal government regulating net neutrality, and for exactly the same reasons I'm not comfortable with the federal government preventing the states from regulating net neutrality. 
  
  More knowledgeable observers than I are citing Wickard v. Filburn as the constitutional basis for this.  I was aware of that decision but didn't know it by name.  It essentially rules that intrastate commerce is interstate commerce because if you are engaging in intrastate commerce you have removed yourself from the totality of interstate commerce which means that you are altering the scope of interstate commerce and can be regulated by the federal government under the Commerce Clause EVEN IF YOU NEVER ENGAGED IN COMMERCE IN THE FIRST PLACE because it would have impacted price stabilisation programs which as a libertarian-leaning Australian strikes me as fucking insane.
  
  So a single farmer from Ohio growing wheat to feed his own animals in 1938 could decide the fate of the entire internet.
  

• molten is a minimal, extensible, fast and productive framework for building HTTP APIs with Python.
  
  [Looks at code samples.]
  
  You've turned Python into Ruby.  That's amazing.  I'm not even mad.

  
  
  

Posted by: Rick C at Tuesday, October 02 2018 04:00 AM (Q/JG2)

Posted by: Rick C at Tuesday, October 02 2018 04:02 AM (Q/JG2)

Posted by: Pixy Misa at Tuesday, October 02 2018 04:25 AM (PiXy!)

Posted by: The Brickmuppet at Tuesday, October 02 2018 04:36 AM (3bBAK)

Posted by: Rick C at Tuesday, October 02 2018 09:14 AM (Iwkd4)

Hide Comments | Add Comment

• Murphy's Law has rarely been more fully in display than in the recent Facebook security breach.  (TechDirt)
  
  Not only did a very simple trick allow you to view private details of other users' accounts, it let you impersonate those accounts.
  
  If you used Facebook to sign in to other services, it let people sign in as you on those services.
  
  And if you tried to post a warning about this to your friends on Facebook, your post was filtered out by the automated security system.
  
  This is a platform used by more than a billion people.
  
  
• Elon Musk has settled with the SEC, will step down as chairman of Tesla and pay a fine, but remain a board member and CEO  (TechCrunch)
  
  This seems appropriate.
  
  
• There is something in the water in Rhode Island.  (NPR)
  
  
• A federal judge has ruled against a joint state and federal police task force suing Facebook for access to Messenger messages.  (Reuters)
  
  Of course, they could have just waltzed right in and downloaded them anyway, making it all a bit pointless.
  
  
• In Australia?  Need a new laptop?
  
  The Lenovo E485 is $400 off - meaning $100 off the launch price (which to be fair was a great price) - and SSD upgrades are also $50 off, so with 16GB of RAM and a 512GB SSD it's currently a very reasonable A$1124.
  
  The HP Spectre X2 is still on sale for A$1350 for the next week (while stocks last, but it is currently in stock), including 16GB RAM, 1TB SSD, detachable keyboard and pen.  Well worth a look if you were considering a Microsoft Surface Pro.

• Ashe Schow dissects what is going on in US social media and politics right now, and it ain't pretty.  (Daily Wire)
  
  Sound article, though.  Read, as they say, the whole thing.
  
  
• Jonah Goldberg is more focused on the politics but also addresses the social media aspects of the present moral panic.

Kids, Don't Try This At Home

• Ian Cutress gets his hands on a not-too-wildly-expensive 24-port 10GBase-T switch.  (AnandTech)
  
  Unfortunately the price has now jumped by 60% so it's probably a couple more years before we really get 10G in the home.
  
  
• How do the Ryzen desktop APUs scale with overclocking?  (AnandTech)
  
  The cheaper 2200G scales very well; the more expensive 2400G less so.  This is almost certainly due to memory bandwidth; the 2200G has 8 graphics cores to the 2400G's 11, so it has more room to scale before it reaches the limits of the DDR4 interface.
  
  Which means that these won't get much faster until they can get faster memory, whether that's DDR5 or some sort of caching as found in Intel's Kaby Lake G.
  
  
• LG has their own 32" 4K DCI-P3 FreeSync HDR monitor.  (AnandTech)
  
  Best part: $500.
  
  
• ZADAK has 32GB unbuffered DDR4 modulesp.  (AnandTech)
  
  These are based on 8Gb chips, not the very new and scarce 16Gb chips, so they're bigger than normal.  They have both full-size and SO modules, so in theory I could use these to upgrade my Dell desktops to a full 64GB, assuming they fit.
  
  Anyone with one of Dell's Inspiron tower systems who needs to upgrade to 64GB could benefit from these too.
  
  
• A bug in remote management features in older Dell servers might affect tens of millions of systems ugh.  (Serve the Home)
  
  

Social Media News

• Facebook had a security breach, leaking details of 50 million accounts  (PCPer)
  
  They don't know who, or how, or what.  Fortunately, everything on my Facebook profile is a lie.
  
  There seem to have been at least three different security bugs being exploited in this.
  
  
• This of course comes just a day after the story about them misusing private customer data.  (TechDirt)
  
  
• Use Instagram?  You might be affected too.  (TechCrunch)
  
  
• USA Today smarmily insinuated Brett Kavanaugh is a pedophile on Twitter and the tweet is still up eight hours later.
  
  They need to fire the writer (in their sports department), the person who posted it, and whoever is supposed to be monitoring their social media responses.

Bonus Video of the Day

Posted by: The Brickmuppet at Sunday, September 30 2018 01:43 AM (3bBAK)

Hide Comments | Add Comment

Tech News

Video of the Day

Posted by: Rick C at Friday, September 28 2018 11:53 PM (Q/JG2)

Hide Comments | Add Comment

• Arm has announced the Cortex A76AE, a safety-oriented processor for autonomous vehicles (and presumable other advanced automation). (AnandTech)
  
  It supports lockstep operation similar to the old Tandem Nonstop mainframes. Each instruction is executed on two independent cores, and if the results diverge it's immediately treated as an error. It scales up to 64 total cores.
  
  
• Memory prices may drop 5% this year. (Tom's Hardware)
  
  Woo. Leaving them at 3x their low point from four years ago.
  
  
• The Asustor A4004T is a cheap 4-bay NAS with 10 gigabit Ethernet. (Serve the Home)
  
  10GbE sounds like overkill for a small cheap NAS, but in fact four drives like the current BarraCuda Pro in RAID-5 can deliver a peak transfer rate of about 8Gbps.
  
  Also interesting that there are now low-cost embedded Arm processors with built-in 10GbE, which is what this device uses. Oh, and it's normal 10GBase-T - Cat6a - not some weird crap.
  
  
• Delicious 1700lb giant turkeys once roamed Madagascar. (Inverse)
  
  Lina and Gourry ate them all.
  
  
• Sydney's Olympic Park (site of the 2000 Summer Olympics) is hosting trials of driverless shuttle services. (ZDNet)
  
  So far hardly anyone has been horribly killed.
  
  
• Kairosoft has some sort of new RPG out.
  
  Only in Japanese right now, but they are much quicker than they used to be at translating games into English.
  
  
• That Linux code revocation thing?  Not going to happen.  The Software Freedom Conservancy said no, so I went and read the GPLv2 myself, and I have to agree with them.  By contributing code to a GPL project you agree to the license, granting other users an irrevocable license so long as they also agree to the license.
  
  You could sue over it, but you'd likely fail.
  
  So terminal cancer it is.

• Suck it up, you got twenty-two freaking billion dollars for a company with no revenue. (ZDNet)
  
  Fair point.
  
  
• Oh, good fucking work, Facebook, you asshats. That will definitely make things better for everyone.  (Gizmodo)
  
  Facebook had a huge push earlier this year for people to secure accounts with two-factor authentication using the mobile phone number.  Sometimes they forced users to enable two-factor auth to unlock their accounts.
  
  Guess what Facebook did with those numbers?
  

  Ugggghhh. Facebook confirms what @kashhill reported: Facebook is taking phone numbers given to them for two factor authentication and using them for ad targeting. Gross and completely irresponsible. https://t.co/t73ehenUWRpic.twitter.com/TNpPUxsKz6

  — Eric Mill (@konklone) September 26, 2018

  
  
  

Video of the Day

Posted by: Rick C at Friday, September 28 2018 05:47 AM (e+hus)

Posted by: Rick C at Friday, September 28 2018 06:09 AM (Q/JG2)

Posted by: Pixy Misa at Friday, September 28 2018 11:10 AM (PiXy!)

Hide Comments | Add Comment

• Firefox Monitor tells you that your accounts have been hacked.  (Tom's Hardware)
  
  Your accounts have been hacked.
  
  Thanks Firefox Monitor!
  
  
• The EFF's constitutional challenge to the hopelessly vague FOSTA legislation has been dismissed by the District Court.  (TechDirt)
  
  The court seems to have ruled that the less-vague parts of the Act outweigh the more vague parts, which seems like nonsense to me.  I hope this continues to a higher court and this decision is overruled.
  
  
• Facebook's policy of we'll swallow, but we won't digest has come to an end.  (TechCrunch)
  
  It was never true anyway.
  
  The co-founders of Instagram have resigned.  Not that they needed a day job, but they were clearly angered by the way Facebook has been running their baby.
  
  
• Digital Ocean now supports importing custom images.
  
  That's very useful, yes, but how do I export an image?
  
  
• A bug in the Monero cryptocurrency protocol basically left it open to high-tech looting.  (ZDNet)
  
  Last week a bug was found in Bitcoin that exposed it to similar attacks, but require a more elaborate operation: You needed to first knock good Bitcoin nodes off line with false allegations so you could sneak in with 51% of the vote and approve fraudulent payments.
  
  
• Columbia Journalism Review asks is the podcast bubble bursting?
  
  Yes.  Yes, CJR.  Ten years ago.

Posted by: Wonderduck at Thursday, September 27 2018 01:32 PM (8i+JN)

Posted by: Pixy Misa at Thursday, September 27 2018 03:10 PM (PiXy!)

Hide Comments | Add Comment