Saturday, October 13
- Intel and Principled Technologies have released updated benchmarks resolving some of the criticisms levelled at them earlier this week. (Tom's Hardware)
Some, but not all.
- Washington state says Come at me, bro! to the federal government, apparently not having read Wickard v. Filburn. (TechDirt)
- A grey-hat hacker has been busy remotely patching tens of thousands of vulnerable MikroTik routers. (ZDNet)
This has been an ongoing story, with multiple critical vulnerabilities discovered in the default configuration of these routers.
- Microsoft has contributed a library of 60,000 patents to Linux. (The Verge)
That doesn't mean anything technically, but it's a huge win for defending Linux from potential patent suits, in a MAD kind of way.
- Firefox removed support for RSS feeds. (Use Tables)
They suggest instead using Pocket, a commercial service owned by... You're way ahead of me.
People are taking this calmly. (Hacker News)
Social Media News
- Remember Facebook's data breach affecting 50 million people? Remember how it was possible that as well as your private details, your access tokens (OAuth) might have been leaked?
Well, that second, even worse problem affects 30 million people. (Bleeping Computer)
If you're using OAuth in an app, you need to be looking seriously at notifying users and requiring 2FA when they log in from a new device.
Video of the Day
Friday, October 12
- Razer announced the Razer Phone 2. (AnandTech)
It's a phone. It does game stuff. It has a 5.7" 2560x1440 120Hz HDR display, a Snapdragon 845, 8GB RAM, and 64GB of storage. Dual exposed front-facing speakers as well, so sound will be better than most. No headphone jack though.
- Huawei announced the Honor 8X. (Anandtech)
It's a phone. It does big screen stuff. It has a 6.5" 2340x1080 display, up to 6GB RAM and 128GB storage, and a Kirin 710 CPU.
- Samsung announced the Galaxy A9. (AnandTech)
It's a phone. It does camera stuff.
Exact CPU is not specified, but it has 6GB RAM, 128GB storage, a 6.3" 2220x1080 AMOLED display, and one-two-three-four-five cameras.
That's a 24MP front-facing camera, a 24MP rear main camera, an 8MP rear 120° wide angle camera, a 10MP rear zoom camera, and a 5MP depth-of-field camera. The last camera is used in combination with the others to improve the image quality.
- An IBM PC emulator in 4043 bytes.
- Tomas Bohr - Niels Bohr's grandson - investigated to see if there could be a classical solution to quantum mechanics along the lines of de Broglie's pilot waves. Nope. Turns out grandpa was right all along. Bohr the Younger came up with a thought experiment that would decide the matter one way or the other - and then conducted the experiment for real.
This is cool, but not a surprise to most physicists, who are firmly in the "the Universe is fundamentally weird" camp.
- Google's Pixel 3 supports wireless charging and works with a Samsung charging pad. (Android Central)
So does the Nexus 4, from 2012.
- In Australia? Can't buy the Pixel Slate? Too bloody expensive anyway? Missed out on HP's September sale?
No worries mate! HP's October sale has the same Spectre x2 with 16GB RAM and 1TB SSD, including keyboard and pen, for the same A$1350 including tax and delivery. Again, that's about the same price as the entry level Celeron/4GB/32GB Pixel Slate with keyboard and pen.
Social Media News
- Epic Games apparently DMCA'd their own trailer video. (TechDirt)
- Google+ has moved to G Suite, where apps go to die. (ZDNet) [Warning: Auto-play ads with audio. But if you turn them off, the site remembers the next time.]
Video of the Day
Thursday, October 11
- Phoronix tests application performance scaling on a 64-core AMD Epyc server.
Some applications scale better than others, which is to be expected, but some scale better than linearly - that is, going from 1 thread to 64 threads gives a more than 64x performance increase - which is not expected.
- Scientific Reports, a journal run by Nature (one of the top scientific publications in the world) ran an article promoting homeopathy for pain relief. (Ars Technica)
And that wasn't even the primary problem with the article.
Not a good month for journalism in any field.
Social Media News
- WhatsApp had a tiny bug that would let people hack your phone by calling it. (Bleeping Computer)
- Breitbart claims to have obtained a leaked Google document titled The Good Censor discussing how social media has moved from free speech to open censorship, and how to be a better censor.
I think it's legitimate - there's nothing surprising in the document if you've been following this nonsense over the last decade.
- Facebook supported the generally terrible FOSTA legislation. Now they're being sued under that same law. (TechDirt)
Video of the Day
Wednesday, October 10
- Intel announced their brand new 8 core mainstream processors - expensive but good. They showed off benchmarks that displayed the benefits of the new chips relative to AMD's own 8 core mainstream processors.
Reviewers are under embargo until the 19th, so no detailed benchmarks are available except for the official Intel ones.
Which are a bit... Odd.
The Intel results seem fine - mostly - but the comparison AMD results are... Off. Lower than they should be.
Almost as if the AMD CPU had been, I don't know, artificially limited by inappropriate settings and software.
- Things just keep getting worse for Bloomberg. Another of their sources has spoken out against the Ricegate article saying that his research has been misrepresented. (Serve the Home)
Specifically, this researcher has seen hardware hacks on specific individual servers, not limited to SuperMicro, and not done as part of a production run, but added after the fact and switched during shipment.
Bloomberg, meanwhile, is refusing interviews and instead has published a new article alleging that unnamed sources say that unnamed unspecified chips added to unknown motherboards at an indeterminate manufacturer were used to break security at an unmentioned major US phone company. Every major US telco has gone on record to deny this. (Ars Technica) [Don't read the comments. After the first page it's complete crazy town.]
Bloomberg seem to have gone full Dan Rather. Maybe they'll be vindicated, but I rather (hah) doubt that.
- TSMC has taped out their first second-generation 7nm parts with 5nm to enter risk production in Q2 2019. (AnandTech)
Intel is still hoping to get 10nm parts into mass production by the end of 2019, which will put them roughly in parity with TSMC's first generation 7nm. (The numbers are about 40% real and 60% marketing fluff.)
[While this is bad for Intel, having multiple companies on a roughly level playing field is good for the consumer in the long term. Intel clearly held back technology from consumers for many years because of a lack of competition, as we can see by how quickly they released 6 and 8 core parts after AMD challenged them with Ryzen.]
TSMC's 5nm is about 45% smaller than their 7nm process, but only uses 20% less power. So you can roughly double the number of transistors on a chip, but that would lead to a 60% increase in power consumption.
This sort of thing is why Nvidia have divided their new GPUs into specific modules for rasterisation, ray-tracing, and AI. If all you're doing is rasterisation, the other modules can sit idle and not use any power. And since the rasterisation cores don't need to be able to do ray-tracing or AI, they can be kept simple and power-efficient.
Expect to see a lot more of that in the future as we head on down to 3nm.
- Google announced the Pixel Slate, their first ChromeOS tablet. (AnandTech)
It's a 12.3" device with a 3000x2000 display and a detachable keyboard and optional pen, with up to a Core i7 CPU and 16GB RAM.
Waaaait a minute....
Yeah, it's pretty much the same hardware as my Spectre x2, though with slightly better battery life, a lot less storage (maximum is 256GB), only one USB port, and way more expensive. Starting at US$599 for the 4GB model with a Celeron CPU and just 32GB of storage, plus $100 for the pen and $200 for the keyboard, the cheapest config runs as much as I paid for the Spectre x2 with a Core i7, 16GB RAM, and 1TB of SSD.
Fortunately that doesn't matter because it's not available in Australia at all. (Finder)
Also, why would anyone even want a premium ChromeOS tablet? Cheap Chrome laptops for education, absolutely, but a tablet that runs close to US$2000 when fully configured?
- Google also released the Pixel 3. (Android Central)
It's a phone. It does phone stuff.
- Evil-doers are using the EU's fictional right to be forgotten to erase stories about them using the EU's fictional right to be forgotten to erase stories about their evil-doing. (TechDirt)
Everything goes down the memory hole.
- Microsoft may be looking to buy Obsidian. (WCCFTech)
I'm okay with that. If anyone is going to buy Obsidian, I'd prefer it to be Microsoft. But WCCFTech, so take it with a pound of salt.
- Boltons is a collection of small libraries for Python that augment the builtins. Hence the name.
Supports 2.6, 2.7, 3.3 and up, and PyPy.
- RedHat's Flatpak considered harmful?
Video of the Day
Tuesday, October 09
- That Bloomberg China rice chip hacking story continues to spiral down the plughole. Risky Business has an update to their earlier podcast including an extensive and enlightening interview with one of Bloomberg's sources, who has, um, reservations about the story as published.
Specifically, he notes that Bloomberg seems to have taken hypothetical instances he provided as background information, "confirmed" them with other sources, and printed them as fact.
- Intel's 9th generation chips are here. (AnandTech)
The leaks had every detail exactly right, so the launch is not especially exciting. They are, nevertheless, great chips, reclaiming the high ground of the mainstream desktop from AMD, albeit at a higher price. AMD is set to fire back with 7nm parts at CES in January.
Top of the line i9-9900K has 8 cores and 16 threads for $488. That's not cheap, but it's half the price of earlier 8 core chips from Intel.
The i7-9700K and i5-9600K have the usual pricing, 8 cores and 6 cores respectively, and no hyperthreading. That means that performance for those parts is basically unchanged from 8th generation - more cores, but fewer threads.
They also have fixes for some of the Spectre / Meltdown security bugs - except on the top-of-the-line 28 core parts. That will have to wait until next year.
- Google+ is
They had a data breach affecting 496,951 users - not passwords, but names, addresses, occupations and stuff like that.
So 1/100th the size and far less severe than the Facebook breach. I guess Google was looking to pull the plug anyway.
Jason Snell adds:
Sunset as a verb means what you might think it means. It’s moving to a farm upstate. It’s going to a better place. It’s following Frodo to Valinor, the Undying Lands across the sea to the west. Where does the sun set? Where Frodo is, probably happy and playing with your childhood pets every day. It is an ex-service.(Six Colors)
Amazon has home brands. (Quartz)
Which is good, because half the stuff on Amazon is either garbage or fake, or fake garbage.
- Urmila Mahadev has solved a surprising - and surprisingly difficult - problem in quantum computing: How to tell if a quantum computer has actually quantumed. (Quanta)
Video of the Day
I'd give the pilot of Series 11 a solid B. It's no Eleventh Hour, but it lays good groundwork. Jodie Whittaker does well and I think will be an excellent Doctor. Cringe factor is quite low in the episode itself, though the surrounding materials are apparently triple-distilled. (I avoided most of them.)
Monday, October 08
- Tim Berners Lee has a plan to fix the web with an open source... Thing. That does... Things. (TechDirt)
I'll take a look at this, but I don't see exactly what it's supposed to do that fixes anything.
- Google has sprung a leak. (TechCrunch)
Just a marketing leak, fortunately, not a security leak, but every detail of every product in their fall lineup seems to be public at this point. To the point that people are actually buying them before they've even been announced. (The Verge)
- Intel has fall lineup leaks too. (WCCFTech)
No surprises - 6 and 8 core mainstream chips, 18 core flagship parts, and a special 28 core unobtanium part.
The launch event is happening right now as I type this, but it's late (curse you Daylight Saving Time!) and I'm off to bed.
I found a 28 core pic.twitter.com/paYpBTBc0O— Ian Cutress (@IanCutress) October 8, 2018
- Gigabyte's Aorus RTX 2080 Xtreme has three HDMI ports, three DisplayPort ports, and a USB-C port. Of which you can only use four at a time, but still kind of handy.
- IBM's Power9 can scale up to 1.2TB/second of I/O (Wikichip)
That's... Rather a lot. Like two thousand SATA SSDs running flat out a lot.
Video of the Day
Sunday, October 07
- The Bloomberg hacking story, which would be the biggest tech story of the year if it were true, has disappeared without a trace.
- Microsoft has pulled the Windows 10 October Update. (ZDNet)
If you've already downloaded it but not installed, probably best not to install at all. It seems in rare cases it can lose files from your system drive, though they are recoverable.
- Update your Git. (Bleeping Computer)
Not sure how critical this really is. Downloading a malicious project using Git could infect your computer, but if you download a malicious project, you just downloaded a malicious project.
I guess if someone managed to slip this into a popular project it would be a great infection vector, but that's fixed now.
Saturday, October 06
- Following up on the story from yesterday:
Bloomberg claims in a huge exposé that chips "not much bigger than a grain of rice" were used to subvert management circuits and hack into servers at Apple, Amazon, and multiple unnamed US government agencies.
Art by Jennifer D'aww.
Apple continues to maintain that Bloomberg screwed the pooch. (BuzzFeed)
Both public and anonymous sources within Apple say that not a single thing in the Bloomberg story is true.
One independent researcher who said they had verified Bloomberg's story has since recanted. (Risky.Biz)
The NetSec Subreddit, which would normally be all over a story like this, is ignoring it as being so lacking in technical detail as to be beneath their notice.
Britain's GCHQ says that as far as they are concerned, the story is a big bowl of cold tripe. (Reuters)
Not clear if that is a positive or negative assessment.
The same reporters at Bloomberg ran a 2014 cyberwar story that has been widely ridiculed as baseless nonsense.
What it boils down to is that this story is technically plausible, but probably fiction. It seems that Bloomberg was jealous of The New Yorker's credibility implosion and wanted to one-up them, or one-down them, whichever.
- Speaking of implosions, a painting by anonymous graffitist Banksy sold at auction at Sotheby's for £1.04 million and then immediately self-destructed when a mechanism hidden in the frame shredded the canvas. (AFR)
So Banksy put a video on Instagram and deleted it almost immediately about the whole shredder in the painting. I screen recorded it for anyone who missed it! pic.twitter.com/uryPvP21ge— Zoe Smith (@zoelouisesmithx) October 6, 2018
Social Media News
- Facebook's staff are still mindless twatwaffles. (Axios)
- You know what? Let's not trust a third party to manage logins to our app. (Axios)
- In a speech at the Hudson Institute, Vice President Mike Pence strongly urged Google to cease development on a censored search engine for the Chinese market. (ZDNet)
Video of the Day
Friday, October 05
- The top story of the day is The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies. (Bloomberg)
The story is that a tiny chip - smaller than a grain of rice - was added to certain SuperMicro motherboards, used by companies including Apple and Amazon and various US government departments, that would subvert the security of the BMC module (a sort of remote control for servers) and allow hackers arbitrary remote access.
The story has been corroborated by official statements from Apple and Amazon.
No, wait, not corroborated, what's the other one? Excoriated.
They did everything but declare Bloomberg anathema and launch a holy war, and I wouldn't be all that surprised if that happens tomorrow.
Over the course of the past year, Bloomberg has contacted us multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident at Apple. Each time, we have conducted rigorous internal investigations based on their inquiries and each time we have found absolutely no evidence to support any of them. We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg’s story relating to Apple.Amazon
On this we can be very clear: Apple has never found malicious chips, "hardware manipulations” or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.
Today, Bloomberg BusinessWeek published a story claiming that AWS was aware of modified hardware or malicious chips in SuperMicro motherboards in Elemental Media’s hardware at the time Amazon acquired Elemental in 2015, and that Amazon was aware of modified hardware or chips in AWS’s China Region.So far there is no independent verification of any of Bloomberg's claims. All their sources are anonymous, and none have spoken to any other news outlet.
As we shared with Bloomberg BusinessWeek multiple times over the last couple months, this is untrue. At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government.
There are so many inaccuracies in this article as it relates to Amazon that they’re hard to count. We will name only a few of them here. First, when Amazon was considering acquiring Elemental, we did a lot of due diligence with our own security team, and also commissioned a single external security company to do a security assessment for us as well. That report did not identify any issues with modified chips or hardware. As is typical with most of these audits, it offered some recommended areas to remediate, and we fixed all critical issues before the acquisition closed. This was the sole external security report commissioned. Bloomberg has admittedly never seen our commissioned security report nor any other (and refused to share any details of any purported other report with us).
There's basically two ways this can go: Either two of the world's largest companies just invited regulators and class-action lawyers to tapdance on their heads, or Bloomberg just proved once again that those layers and layers of fact-checkers are less use than a fishnet umbrella on the Moon.
Serve the Home is dubious and adds this:
First and foremost, I think we need to call for an immediate SEC investigation around anyone who has recently taken short positions or sold shares in Supermicro. With the accompanying Supermicro stock price hit that was foreseeable prior to the story, if anyone knew the story would be published, and acted on that non-public or classified information, the SEC needs to take action. There seems to have been over 20 people that knew about this.
This article by the grugq [seriously] delves deeper. His conclusion: BMC is an active threat in itself, but the Bloomberg story fails in achieving even basic standards of verification.
My take on all this - provisional, pending actual evidence - is that Bloomberg got played. And they got played because they are morons.
No-one interested in getting a security story out would take it to Bloomberg - they are completely and utterly incompetent to evaluate such claims, or even to research the story.
Any actual security researcher would have a field day with this. Any skilled security researcher would have it blown wide open inside a week. Bloomberg took three years to report on it, and at the end, they still have nothing to show but anonymous hearsay.
Who perpetrated the hoax, and for what reasons, is an open question, and we may see hints based on which three letter agency shows up to ask pointed questions of the idiots at Bloomberg.
As a side note: Any tech journalist who is still reporting this as "well sourced" is not to be trusted about anything, not even reading press releases verbatim.
- Nokia is making phones again. (AnandTech)
More than that, they seem to be making really good phones.
Social Media News
- Spain just made jokes illegal. (TechDirt)
- France just made the truth illegal. (TechDirt)
- Facebook's staff are mindless twatwaffles. (Axios)
- A team of left-wing scholars who still retain intellectual integrity planted a series of fake articles in peer-reviewed academic journals - including a study of rape culture in dogs and a hastily-edited chapter from Mein Kampf.
They only managed to trick feminist and post-modernist journals, not serious sociology journals, but even so they were only found out when Twitter account @RealPeerReview, which is dedicated to puncturing pseudo-intellectual puffery, started digging into the dog rape article and uncovered the skeletons in the closet.
Video of the Day
Thursday, October 04
- In an unexpected outbreak of sanity, 802.11ax has been renamed Wi-Fi 6. (AnandTech)
802.11ac and 802.11n are retroactively now Wi-Fi 5 and 4 respectively.
There are some other specialised forms of 802.11, but for mainstream users you just need to know that higher numbers are better.
- Amazon has a new version of the Fire TV Stick, supporting 4K at 60Hz, Dolby Vision and Atmos, and HDR. (AnandTech)
And Wi-Fi 5.
- AMD will talk about 7nm CPUs and GPUs in a CES keynote in January. (Tom's Hardware)
Not clear whether there will be any product announcements or just an overview, but samples are already in the hands of major customers.
- Cloudera and Hortonworks are merging to form a single $5.2 billion company. (TechCrunch)
Which is one of those things that is either big news to you or means absolutely nothing.
- Japan has issued draft guidelines regarding experimental gene-editing of human embryos. (Nature)
- LG's V40 phone has five cameras - one at the front, three at the rear, and one to see into parallel universes where you're better looking and have shaved recently. (Hot Hardware)
- CRM platform Zoho was recently taken offline for hours by their domain registrar over supposed phishing scams.
Turns out there is something to that, though not by Zoho itself. (Bleeping Computer)
- DigitalOcean has Kubernetes but is in treatment and should be better soon.
Social Media News
- Wired has posted an article - and I use the term advisedly - titled Brett Kavanaugh and the Information Terrorists Trying to Reshape America. (Wired)
The piece is pure propaganda. The author, one Molly McKew, describes herself as a "narrative architect" - i.e. propagandist - and lists her previous work for Georgian president Mikheil Saakashvili, who fled his country ahead of a corruption prosecution and is in hiding in Ukraine, and Moldovan prime minister Vlad Filat, who wasn't quick enough and was jailed for 9 years after being convicted on corruption charges in 2016.
This Medium post completely dissects McKew's chequered history.
Video of the Day
58 queries taking 0.3776 seconds, 308 records returned.
Powered by Minx 1.1.6c-pink.