The Register Columnists

Thomas Claburn

Facebook invents new unit of time to measure modern attention spans: 1/705,600,000 of a sec

Video effects designers who work with C++ code have a new unit of time to work with called a "flick." Short for "frame-tick" if you're willing to overlook the absence of the letter "l" from either word, a flick lasts 1/705,600,000 of a second. It's a bit longer than a nanosecond, which clocks in at one billionth (1/1,000,000, …
Thomas Claburn, 23 Jan 2018

'WHAT THE F*CK IS GOING ON?' Linus Torvalds explodes at Intel spinning Spectre fix as a security feature

Intel's fix for Spectre variant 2 – the branch target injection design flaw affecting most of its processor chips – is not to fix it. Rather than preventing abuse of processor branch prediction by disabling the capability and incurring a performance hit, Chipzilla's future chips – at least for a few years until …

In Soviet California, pedestrian hits you! Bloke throws himself in front of self-driving car

While commuter buses ferrying Apple and Google employees have been rerouted to avoid being shot at – reportedly with a pellet gun – GM Cruise has had less success keeping one of its self-driving cars out of harm's way. Earlier this week, the autonomous vehicle subsidiary of automaker General Motors (GM) said that one of its …
Thomas Claburn, 19 Jan 2018

Linux's Grsecurity dev team takes blog 'libel' fight to higher court

Open Source Security, Inc., the maker of the Grsecurity Linux kernel patches, suffered a setback last month when San Francisco magistrate judge Laurel Beeler granted a motion by defendant Bruce Perens to dismiss the company's defamation claim, with the proviso that the tossed legal challenge could be amended. The code biz and …
Thomas Claburn, 19 Jan 2018

Sad-sack Anon calling himself 'Mr Cunnilingus' online is busted for DDoSing ex-bosses

An electronics technician pleaded guilty on Wednesday to orchestrating distributed denial of service (DDoS) attacks on a former employer and other organizations – and to unlawfully possessing a firearm as a former felon. From July 2015 through around March 2017, according to a plea agreement, John Kelsey Gammell, of New Mexico …
Thomas Claburn, 18 Jan 2018

Crypto-cash exchange BitConnect pulls plug amid Bitcoin bloodbath

Amid a cryptocurrency price correction that has seen the price of Bitcoin drop by half from its mid-December peak, UK-based cyber-cash lending and exchange biz BitConnect said it is shutting down. The firm, dogged by accusations that it is a Ponzi scheme, cited bad press, regulatory orders, and cyber attacks for its market …
Thomas Claburn, 18 Jan 2018

Hehe, still writing code for a living? It's 2018. You could be earning x3 as a bug bounty hunter

Ethical hacking to find security flaws appears to pay better, albeit less regularly, than general software engineering. And while payment remains one of the top rationales for breaking code, hackers have begun citing more civic-minded reasons for their activities. A survey of 1,700 bug bounty hunters from more than 195 …
Thomas Claburn, 17 Jan 2018

What do Cali, New York, Hawaii, Maine and 18 other US states have in common? Fighting the FCC on net neutrality

Twenty-two US State Attorneys General filed a lawsuit on Tuesday to undo the Federal Communications Commission's rejection of net neutrality in America. The FCC – the nation's broadband watchdog – late last year approved rules titled Restoring Internet Freedom that free ISPs to discriminate against data as they see fit. The …
Thomas Claburn, 17 Jan 2018

Upset Equation Editor was killed off? Now you can tell Microsoft to go forth and multiply: App back from the dead

Microsoft Equation Editor was sentenced to death on January 9, 2018 at the age of 17, when a software update from Redmond removed five files necessary for the application to function. Only a few months ago, the Windows giant thought its Equation Editor could be saved: its software engineers, lacking access to the ancient app's …
Thomas Claburn, 16 Jan 2018

Let's Encrypt plugs hole that let miscreants grab HTTPS web certs for strangers' domains

Let's Encrypt – a SSL/TLS certificate authority run by the non-profit Internet Security Research Group (ISRG) to programmatically provide websites with free certs for their HTTPS websites – on Thursday said it is discontinuing TLS-SNI validation because it's insecure in the context of many shared hosting providers. TLS-SNI is …
Thomas Claburn, 13 Jan 2018

Feds may have to explain knowledge of security holes – if draft law comes into play

The US House of Representatives this week approved a bill that, given further legislative and executive branch support, will require the American government to account for its handling of software and hardware vulnerabilities. The "Cyber Vulnerability Disclosure Reporting Act," sponsored by Rep Sheila Jackson Lee (D-TX), …
Thomas Claburn, 13 Jan 2018

Next; tech; meltdown..? Mandatory; semicolons; in; JavaScript; mulled;

In what non-technical people might take as an attempt to outdo the absurdity of the tabs vs. spaces debate that continues to divide programmers, the TC39 technical group that advises the development of ECMAScript – the specification from which JavaScript is implemented – has proposed telling web developers to terminate …
Thomas Claburn, 12 Jan 2018

Wondering where your JavaScript libs went? Spam-detection snafu exiled npm packages

On the defensive after a malware kerfuffle last year, code registry npm shot first before asking questions over the weekend – and is now apologizing for the errant execution. The keeper of hundreds of thousands of Node.js packages and other JavaScript libraries wrongly removed the account "floatdrop" belonging to developer …
Thomas Claburn, 11 Jan 2018

No wonder Marvin the robot was miserable: AI will make the rich richer – and the poor poorer

Two research papers argue that the risk of AI-driven automation isn't so much the destruction of jobs as the amplification of wealth inequality. That is to say workers in our brave new world will still have things to do, but many of them, assisting and assisted by machines, will be paid poorly while robot owners get rich. In …
Thomas Claburn, 11 Jan 2018

Swiss cheesed off after Apple store iPhone does Samsung Galaxy Note 7 impersonation

In an inadvertent homage to Samsung's combustible Galaxy Note 7, an Apple iPhone battery overheated in an Apple Store in Zurich, Switzerland, on Tuesday morning, resulting in minor injury and prompting customers and employees to step outside while the smoke cleared. The Zurich City Police Department said it received a report …
Thomas Claburn, 10 Jan 2018

Intel, Microsoft confess: Meltdown, Spectre may slow your servers

Analysis After spending last week insisting that the performance impact of fixing the Meltdown and Spectre CPU vulnerabilities "should not be significant," Intel on Tuesday tried to maintain that stance even as it acknowledged SYSmark tests assessing post-patch slowdowns ranging from two per cent to 14 per cent. Reiterating that …
Thomas Claburn, 10 Jan 2018

Oracle WebLogic hole primed to pump Monero

An Oracle WebLogic vulnerability fixed in October last year is being exploited on unpatched machines to mine Monero, a cryptocurrency, and other lesser-known imaginary coins. Writing for the SANS Technology Institute, Renato Marinho, chief research officer at Morphus Labs, on Monday said a recently disclosed software bug …

With WPA3, Wi-Fi will be secure this time, really, wireless bods promise

Wi-Fi security should become a bit less laughable with the pending introduction of the WPA3 protocol this year. In conjunction with this week's commencement of CES – letters that once stood for Consumer Electronics Show and now come meaning-free – the Wi-Fi Alliance on Monday heralded the arrival of WPA3 as the successor to …

Meltdown, Spectre bug patch slowdown gets real – and what you can do about it

Analysis Having shot itself in the foot by prioritizing processor speed over security, the chip industry's fix involves doing the same to customers. The patches being put in place to address the Meltdown and Spectre bugs that affect most modern CPUs were supposed to be airy little things of no consequence. Instead, for some unlucky people …

Security hole in AMD CPUs' hidden secure processor code revealed ahead of patches

Cfir Cohen, a security researcher from Google's cloud security team, on Wednesday disclosed a vulnerability in the fTMP of AMD's Platform Security Processor (PSP), which resides on its 64-bit x86 processors and provides administrative functions similar to the Management Engine in Intel chipsets. This sounds bad. It's not as …

How to hack Wi-Fi for fun and imprisonment with crypto-mining inject

Thanks to the ridiculous valuation of Bitcoin and other cryptocurrencies, cryptomining code has become a common mechanism for converting authorized and stolen computing cycles into potential cash. Antivirus and ad-blocker makers have responded by trying to halt crafty coin-crafting code from hijacking CPU time, particularly in …

Woo-yay, Meltdown CPU fixes are here. Now, Spectre flaws will haunt tech industry for years

Analysis Intel has borne the brunt of the damage from the revelation of two novel attack techniques, dubbed Meltdown and Spectre, that affect the majority of modern CPUs in various ways. The chipmaker's stock price is down, and it's being eyed for possible securities litigation, following reports CEO Brian Krzanich sold the bulk of his …

We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare

Analysis In the wake of The Register's report on Tuesday about the vulnerabilities affecting Intel chips, Chipzilla on Wednesday issued a press release to address the problems disclosed by Google's security researchers that afternoon. To help put Intel's claims into context, we've annotated the text. Bold is Intel's spin. Intel and …

Apple macOS so secure some apps can't be easily deleted

An Apple macOS security process called System Integrity Protection can prevent certain apps from being easily uninstalled, which isn't ideal when the code may be vulnerable or malware. System Integrity Protection, or SIP, has clear benefits for macOS security. Introduced in OS X El Capitan (10.11) in 2015, it applied a new …

Attention, vSphere VDP backup admins: There is a little remote root hole you need to patch...

VMware on Tuesday published a security advisory for its vSphere Data Protection (VDP) backup and recovery product. The virtualization giant identified three vulnerabilities, one of which it deems critical, with the two others categorized as important. The issues affect VDP 5.x, 6.0.x, and 6.1.x. CVE-2017-15548 is the …

Biting the hand that feeds IT © 1998–2018