The Register Columnists

Thomas Claburn

Contact Mail Follow RSS feed
3D printed gun

Defense Distributed starts selling gun CAD files amid court drama

A day after a US federal judge extended an injunction barring Cody Wilson and his company Defense Distributed from giving away 3D CAD files of gun designs on the internet, Wilson held a press conference in Austin, Texas, to declare that he has begun selling the files through his company's website. "Early this morning we began …
Thomas Claburn, 28 Aug 2018
Linux penguin with American flag-themed hat and flag

Linux 4.19 lets you declare your trust in AMD, IBM and Intel

Linux v4.19-rc1, release candidate code published on Sunday, allows those building their own kernel or Linux distribution to choose whether or not to trust the CPU hardware random number generator, a decision that has become complicated in the wake of the revelations about government surveillance over the past five years. When …
Thomas Claburn, 28 Aug 2018
3D printed gun

Judge bars distribution of 3D gun files... er, five years after they were slapped onto the web

A federal judge has issued a preliminary injunction barring the online distribution of CAD files for 3D printed guns, upholding a temporary injunction issued in late July. "We just won a preliminary injunction in federal court, continuing to block the Trump admin from allowing the distribution of 3D-printed gun files," said …
Thomas Claburn, 27 Aug 2018
A child unhappy with her cash stash

Salesforce boss Marc Benioff objects to US immigration policy so much, he makes millions from, er, US immigration

Almost five dozen CEOs at US tech giants and other big businesses this week denounced the White House's immigration policies in an open letter to Homeland Security Secretary Kirstjen Nielsen. The corporate leaders, members of a chief executive club called the Business Roundtable, did not voice concern over the Trump …
Thomas Claburn, 24 Aug 2018

Windows 10 July update. Surface Pro 4. Working fondleslab. Pick two

Some Microsoft Surface Pro 4 owners claim Redmond's July 24 Windows 10 update broke their devices. Folks posting to the software giant's community support forum describe various failures following the installation of OS Build 17134.191. Register readers have also been in touch to alert us to the gaffe. A person posting under …
Thomas Claburn, 24 Aug 2018
Wicker Man in landscape

Wickr gets slicker with fresh network tricker: Privacy-protecting domain fronting alternative emerges

Encrypted comms service Wickr has hooked up with Psiphon, a maker of censorship circumvention tools, to provide an alternative to domain fronting as a defense against prying eyes online. Domain fronting is a technique for hiding requested network hostnames from those monitoring your internet traffic. It presents one hostname …
Thomas Claburn, 23 Aug 2018

Intel rips up microcode security fix license that banned benchmarking

Intel has backtracked on the license for its latest microcode update that mitigates security vulnerabilities in its processors – after the previous wording outlawed public benchmarking of the chips. The software, released this month, counters the Foreshadow aka L1TF Spectre-related flaws in its CPUs. However, its terms of use …
Thomas Claburn, 23 Aug 2018
James Bond actors in wax figures

Redis has a license to kill: Open-source database maker takes some code proprietary

Database maker Redis Labs this week moved the Redis Modules developed by the company from the AGPL to a license that combines Apache v2.0 with Commons Clause, which restricts the sale of covered software. The licensing change means that house-made Redis Modules – RediSearch, Redis Graph, ReJSON, ReBloom and Redis-ML – are no …
Thomas Claburn, 23 Aug 2018
Firefighters holding safety trampoline

One-in-two JavaScript project audits by NPM tools sniff out at least one vulnerability...

JavaScript library custodian NPM, after years of security scrambling, looks to be getting a grip on its code safety. There was that incident in May when NPM swiftly removed a backdoored package following complaints. No real damage was done. A month earlier, the bit-shifting biz added a "audit" command to v6 of npm, the …
Thomas Claburn, 22 Aug 2018
A chain tied with a string

Microsoft Visual Studio C++ Runtime installers were built to fail

Updated Security researcher Stefan Kanthak claims the Microsoft Visual C++ Redistributable for Visual Studio 2017 executable installers (x86 and x64) were built with insecure tools from several years ago, creating a vulnerability that could allow privilege escalation. In other words, Redmond is distributing to developers executables …
Thomas Claburn, 22 Aug 2018
Google, photo by lightpoet via Shutterstock

What's holding you back from Google Cloud? Oh, OK... it was hoping you'd say 'lack of hardware security modules'

Google Cloud Platform has armored its cloud in metal by offering customers beta access to hardware security modules (HSM) to handle encryption keys. With a cloud-hosted HSM, GCP users can execute cryptographic operations on FIPS 140-2 Level 3 certified kit, which is one level short of the most stringent standard. Google isn't …
Thomas Claburn, 21 Aug 2018
Justice Statue, blind folded

Apple web design violates law, claims blind person

Apple, which prides itself on design, faces a lawsuit alleging that its web page layout violates the law. In a complaint filed on Sunday in a Manhattan district court, plaintiff Himelda Mendez claims that Apple's website, by virtue of its availability in Apple Stores, violates Title III of the Americans With Disabilities Act ( …
Thomas Claburn, 21 Aug 2018

Python wriggles onward without its head

Analysis At the third annual PyBay Conference in San Francisco over the weekend, Python aficionados gathered to learn new tricks and touch base with old friends. Only a month earlier, Python creator Guido van Rossum said he would step down as BDFL – benevolent dictator for life – following a draining debate over the addition of a new …
Thomas Claburn, 20 Aug 2018
DNS interception

How's that encryption coming, buddy? DNS requests routinely spied on, boffins claim

Most people's DNS queries – by which browsers and other software resolve domain names into IP addresses – remain unprotected while flowing over the internet. And that's because, you may not be surprised to know, the proposed standards to safeguard DNS traffic – such as DNSSEC and DNS-over-HTTPS – have yet to be fully baked and …
Thomas Claburn, 20 Aug 2018
Your ad here, on a movie screen

Facebook flat-out 'lies' about how many people can see its ads – lawsuit

Facebook brags it has a massive real audience, estimated to be about 2.23bn monthly users and 1.47bn daily users after culling more than 1.27bn fake accounts. However, the social networking giant's math is being challenged in a lawsuit that claims this reach is exaggerated, thereby defrauding advertisers. In other words, it …
Thomas Claburn, 17 Aug 2018
web cookie illustration

I wish I could quit you, but cookies find a way: How to sidestep browser tracking protections

Browsers' built-in tools that crumble web cookies that track you around the internet can be bypassed or rendered ineffective by malicious websites. In a paper presented at the USENIX Security Symposium this week, a trio of researchers from KU Leuven in Belgium describe how they developed a framework to analyze the enforcement …
Thomas Claburn, 17 Aug 2018
Sam Lambert, GitHub

GitHub goes off the Rails as Microsoft closes in

Analysis GitHub invited a handful of journalists to its San Francisco headquarters to explain how the social code hosting biz is evolving from a website into a platform. The event was hosted by Sam Lambert, whose title – head of platform – removes any doubt about how things will turn out. Founded in 2008, GitHub became a platform …
Thomas Claburn, 16 Aug 2018
Road map with pin being inserted

Arm debuts CPU roadmap for the first time, sort of

Chip designer Arm for the first time in recent memory has presented a roadmap, sparsely detailed through it may be, covering future CPU plans for 5G always-on connected mobile and laptop devices. "This, I think, is the first time, certainly that I have been involved, in declaring a forward-looking roadmap in public," said Ian …
Thomas Claburn, 16 Aug 2018
Cisco logo falling off Cisco building

Cisco shift to recurring revenue gives 3.8 billion signs that it's working

Switch and comms kit biz Cisco reported $12.8bn revenue for its fiscal 2018 fourth quarter, a six per cent increase that is a bit more than than analysts expected. CEO and chairman Chuck Robbins celebrated the highest quarterly figure ever for the company, calling it a very strong finish to a great year. "Our results …
Thomas Claburn, 15 Aug 2018
Crypto algorithm selection dial

Here's a fab idea: Get crypto libs to warn devs when they screw up

Building warnings into crypto libraries that alert developers to unsafe coding practices turns out to be an effective way to improve the security of applications. At the USENIX Symposium on Usable Privacy and Security (SOUPS) 2018 this week, a group of researchers from several universities in Germany reported findings to this …
Thomas Claburn, 14 Aug 2018
A woman standing by a ladder to a cloud

Firefighters choke on Oracle's alleged smoke-and-mirrors cloud

Oracle has been sued by a pension fund that claims the database giant exaggerated its cloud business revenue. The City of Sunrise Firefighters' Pension Fund filed its lawsuit in a US district court in Silicon Valley against not just Oracle but also executives Safra Catz, Mark Hurd, Larry Ellison, Thomas Kurian, Ken Bond and …
Thomas Claburn, 13 Aug 2018
A backdoor in plain sight

The off-brand 'military-grade' x86 processors, in the library, with the root-granting 'backdoor'

Black Hat A forgotten family of x86-compatible processors still used in specialist hardware, and touted for "military-grade security features," has a backdoor that malware and rogue users can exploit to completely hijack systems. The vulnerability is hardwired into the silicon of Via Technologies' C3 processors, which hit the market in …
Thomas Claburn, 10 Aug 2018
Julia Roberts, not the programming language

Julia 0.7 arrives but let's call it 1.0: Data science code language hits milestone on birthday

Julia, the open-source programming language with a taste for science, turned 1.0 on Thursday, six years after its public debut in 2012. The occasion was presented on YouTube, live from JuliaCon 2018 in London. Created by Jeff Bezanson, Stefan Karpinski, Viral Shah, and Alan Edelman, the language was designed to excel at data …
Thomas Claburn, 10 Aug 2018
Hacker using phone

Crims hacked accounts, got phones, resold them – and the Feds reckon they've nabbed 'em

A dozen people have been indicted in America for allegedly fencing more than $1m in smartphones and other kit obtained via hacking and fraud. Geoffrey Berman, the US Attorney for the Southern District of New York, and Angel Melendez, the Special Agent in charge of the New York Office of the US Immigration and Customs …
Intel's Navin Shenoy

Intel: Yeah, yeah, 10nm. It's on the todo list. Now, let's talk about AI...

At Intel's Data-Centric Innovation Summit today in Santa Clara, California, Chipzilla reiterated its commitment to deliver 10nm Xeon processors in 2020, to maintain its market leadership, and to adapt its silicon to AI-oriented workloads. That'll be the same 10nm that's years and years late, with manufacturing nightmares …

Biting the hand that feeds IT © 1998–2018