* Posts by diodesign

1252 posts • joined 21 Sep 2011

Page:

Firefox's CEO is ANGRY with Microsoft – thanks to Windows 10 and Edge

diodesign
(Written by Reg staff) Silver badge

Re: wilburworld

"Apple does the same..."

...is heard so often these days. Doesn't mean it doesn't suck.

C.

25
3

NetApp sees IBM/Cisco VersaStack as 'huge' threat to FlexPod

diodesign
(Written by Reg staff) Silver badge

Re: rkenson

Funniest post all week. A+

C.

0
0

Windows 10 in head-on crash with Nvidia drivers as world watches launch

diodesign
(Written by Reg staff) Silver badge

Re: Mountain out of a molehill much?

"One restart was all it took to fix the issue for me"

After Microsoft finally fixed the problem via Windows Update.

C.

0
0

Moto fires BROADSIDE into the flagship phone's waterline with X Play and Style

diodesign
(Written by Reg staff) Silver badge

Re: Re: Interesting..

"OK, El Reg journo's, here's a job for you: a table tracking mobile phones and how well they have been tracking Android updates"

We're polling manufacturers this week on their response timings to the Stagefright bugs (there are 7 CVE-listed bugs) and the devices that will be updated – and hope to have something to compare that to, as you suggest.

C.

6
0

Want longer battery life? Avoid the New York Times and The Grauniad

diodesign
(Written by Reg staff) Silver badge

Re: and the same tests done with

Lower readings?

(PS: The guy has Flash blocked by default.)

C.

11
0

Get root on an OS X 10.10 Mac: The exploit is so trivial it fits in a tweet

diodesign
(Written by Reg staff) Silver badge

Re: Re: Congratulations on repeating exploits before they can be fixed

"your logic is flawed."

You mean, Apple's logic. Look, the matter has gone full disclosure. I can't think of anything more frustrating than an article that says "there's a local root hole in OS X Yosemite. We won't tell you the details, you'll just have to Google it."

Bonkers.

C.

51
1
diodesign
(Written by Reg staff) Silver badge

Re: Congratulations on repeating exploits before they can be fixed

"Congratulations on repeating exploits in detail before they can be fixed"

Apple has fixed it. You just have to upgrade to El Capitan. Don't want to upgrade? No problem, you've been warned and are aware of the risk. There's also a workaround in the story. The exploit has been public knowledge for two weeks – the bad guys already know. You should know too.

"However, the article does not Emphasise that you must first have privileged access through an app."

You've misunderstood. This exploit allows normal software – like a simple tool you've downloaded from the web – to gain root-level access without a password. Without prompting the user for a password. That's bad.

Post less.

C.

59
1

Robot surgeons kill 144 patients, hurt 1,391, malfunction 8,061 times

diodesign
(Written by Reg staff) Silver badge

Re: How does it compare to human-only surgery?

Comparing the error rate to human surgeons did cross our minds. It would be good to compare, we're still trying to get a number, it's non-trivial.

Edit: Added a bootnote.

C.

10
0

TITSUP: Apple Music, App Stores, iCloud, iTunes, Radio, iBooks

diodesign
(Written by Reg staff) Silver badge

Re: Total Inability To Provide Usual Purchases

Yeah, I fucked up.

C.

1
0

Ashley Madison hack: Site for people who can't be trusted can't be trusted

diodesign
(Written by Reg staff) Silver badge

Re: anonymous

"Could the author of the article of the article"

That's easy for you to say.

C.

3
0

Google, Adobe barricade Flash against hacker hordes – we peek inside

diodesign
(Written by Reg staff) Silver badge

Re: Halt or crash

"Did you mean halt"

I honestly haven't had a chance to check. I expect the plugin to hit exit() as soon as it detects an inconsistency in its memory. It cannot remain running – another thread could be running shellcode.

C.

1
0
diodesign
(Written by Reg staff) Silver badge

Re: Re: Have we just proven that Flash is a pile of crap yet again?

"expose such internal structures to do it's job?"

They don't. But they all use memory: they use memory to store variables. Variables store information for the running Flash script file. When you're using variables, you're using memory. If you abuse variables by exploiting one of the hidden design flaws in Flash you can change parts of memory that don't contain script variables but do contain information crucial to the operation of Flash. This allows you to change the way Flash works, which eventually leads to the plugin running malicious code.

Flash doesn't expose its non-variable data to the ActionScript programmer. But it has hidden design flaws that people can find and exploit to access non-variable data, and change the way Flash works.

C.

5
0
diodesign
(Written by Reg staff) Silver badge

Re: Have we just proven that Flash is a pile of crap yet again?

"It's a scripting language, you shouldn't be able to furtle with internal variable details"

You're thinking too high level. JS and AS can both be vulnerable to memory corruption leading to exploitation. You have to exploit a bug to furtle with the vector length value - such as a buffer overflow or use-after-free().

eg, in ActionScript, let's say your plugin's memory looks like this: B = buffer byte, V = vector byte, L is the vector length, and . = empty space. You've got two objects, a buffer and a vector allocated near each other:

BBBB....LVVVV

There's a missing bounds check on the buffer, so you overflow it by writing too much data to it (from your malicious Flash file) and run over the nearby vector. * = the smashed length:

BBBBBBBB*BBVV

So moving the buffer objects well away from the vector objects prevents you from easily overwriting the length value.

Now, you can do this in JavaScript. There are plenty of exploits in the past where a use-after-free() has been exploited to modify memory allocated on the heap.

C.

10
0

Seagate wins HP as ClusterStor array reseller, bolts on IBM Spectrum Scale

diodesign
(Written by Reg staff) Silver badge

Re: Post a comment link missing on several articles.

A thing broke. Articles are restored. I'm reanimating the comments sections now.

C.

0
0

Pan Am Games: Link to our website without permission and we'll sue

diodesign
(Written by Reg staff) Silver badge

Re: What happens next

"Ticket sales go through the roof"

'cos everyone's jumping on a plane to Toronto?

C.

4
0

Attention dunderheads: Taxpayers are NOT giving businesses £93bn

diodesign
(Written by Reg staff) Silver badge

Re: The majority of UK Tax burden is not being paid by companies...

"When are you going to do an article on how much tax normal working people pay"

Tim's covered this. See Reg passim.

C.

3
1

Flash HOLED AGAIN TWICE below waterline in fresh Hacking Team reveals

diodesign
(Written by Reg staff) Silver badge

Re: Enable click to play?

if you have Chrome: Open Settings -> click on Advance Settings -> click on the Content settings button -> scroll to the Plugins section -> Select "Let me choose when to run plugin content" -> click on Done -> Close the tab and restart the browser just to make sure.

If you have Firefox: follow these instructions.

All other browsers: reconsider your life choices.

C.

15
3

Uber to drivers: You make a ton of dosh for us – but that doesn't make you employees

diodesign
(Written by Reg staff) Silver badge

Re: Wrong subtitle Reg

We've already done that one! See Reg passim.

C.

1
0

Five lightweight Linux desktop worlds for extreme open-sourcers

diodesign
Silver badge

Re: Another minimalist here

Rox! That's a good choice. Basically, there are so many Linux desktop environments to choose from, I think Scott did a grand job recommending the best for most people. Millions of people read The Register, everyone's going to have an opinion :-)

I've always been an evilwm-level user, personally.

C.

0
0

Trebles all round: The BBC's won this licence fee showdown

diodesign
(Written by Reg staff) Silver badge

Re: Public service remit

"Another anti-BBC polemic from Mr. Orlowski."

No one is forcing you to agree with Andrew.

C.

2
0

US OPM boss quits after hackers stole chapter and verse on 21.5m Americans' lives

diodesign
(Written by Reg staff) Silver badge

Re: error in title...

Well, no. There's an overlap in the original 4 million whose SSNs and addresses and stuff like that were leaked, and the 21.5 million is the background checks and similar information. Two different databases. Same group of people. It's all a bit of a mess, really.

C.

2
0

The bucks stop here: NYSE freezes trading, blames 'technical issue'

diodesign
(Written by Reg staff) Silver badge

Re: Gremlins?

I think they were referring to the effect the Chinese stock market crashgasm may have on Wall St.

C.

0
0

We tried using Windows 10 for real work and ... oh, the horror

diodesign
(Written by Reg staff) Silver badge

Re: Re: Sorry but I think this review is RUBBISH

It's possible for people to have different opinions, yes.

C.

5
0

Leap second bug?

diodesign
(Written by Reg staff) Silver badge

Re: Leap second bug?

It's a coincidence. We are in the middle of moving away from our old provider (Rackspace) to a new CDN. The next lot of changes are due to take place on Sunday. Hopefully by Monday things will have settled down.

C.

0
0

Even Apple doesn’t mess with Taylor Swift

diodesign
(Written by Reg staff) Silver badge

Re: Streaming is no different than....

"And thanks Andrew for finally using a reasonable picture of Taylor Swift."

You can thank the back bench for that. Swift holding an apple? Perfect.

C.

8
0

Super Cali goes ballistic – Uber says it's bogus (even though its contract is something quite atrocious)

diodesign
(Written by Reg staff) Silver badge

Re: frank ly

This is, indeed, an homage to the Liverpool Echo's headline (later used by the Sun). We've pointed that out the last time we did a Super Cali heady.

As for the rhythm of the headline: yes, we did sing it out loud, and yes, it is missing a syllable. However, we felt it worked better with a pause to skip the missing beat rather than squeeze in a boring word like 'terms' that would have changed "is something" to "are something" and ruined everything.

Headlines. A serious business.

C.

10
0

Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X

diodesign
(Written by Reg staff) Silver badge

Re: Come on...

Apple PR thinks that if they ignore us, we'll go away. They are wrong.

C.

6
0

It's curtains for you, copper: IBM boffins push the LIGHT FANTASTIC

diodesign
(Written by Reg staff) Silver badge

Re: Tweets??

Since now.

C.

4
0

Facebook ditches HTML mobe future in favour of Zuck-style JavaScript

diodesign
(Written by Reg staff) Silver badge

Re: Java != JavaScript

Argh, it has been fixed.

C.

1
0

Everything Apple touted at WWDC – step inside our no-hype-zone™

diodesign
(Written by Reg staff) Silver badge

Re: The Fall

"Please say Autumn."

We're a UK-owned company, but our writers and editors are Americans. Fall means autumn, and autumn means the Fall.

Let's all work to get along, huh?

(PS: US readers > UK readers in the latest monthly stats. Sorry, Brits. We're trying out best with bonkers boffins headlines.)

C.

3
2

FLYING SAUCER crashes into Pacific off Hawaii - NASA

diodesign
(Written by Reg staff) Silver badge

Re: Er...

I took the rest of the day off after that.

(So blame all further typos on me.)

C.

8
0

Badges for Commentards

diodesign
(Written by Reg staff) Silver badge

Re: Re: @ 1980s_coder (was:Aww! Jake)

"ElReg refuses to allow me to answer the vi question directly"

A lot of El Reg staffers are vim users (me included.)

C.

2
0

Bill Nye's bonkers LightSail spaceship unfurls solar sails at last

diodesign
(Written by Reg staff) Silver badge

Re: Energy vs momentum

You must be fun at parties.

C.

10
2

Silicon Valley, episode 8: Larping, mogging and losing its way

diodesign
(Written by Reg staff) Silver badge

Re: Thank you ElReg!

Thanks. We're interviewing people this week for an extra proofreading-fact-checking-editing role in our SF office, so long may the typo-free-run comtinuee.

C.

3
0

Android M's Now on Tap cyber-secretary is like Clippy on Class A drugs

diodesign
(Written by Reg staff) Silver badge

Re: Ambiguiity.

Up to you, friend.

C.

1
0

Google spins up 'FREE, unlimited' cloud photo storage 4 years before ad giant nixes it

diodesign
(Written by Reg staff) Silver badge

Re: Nonplussed

What Google giveth, it taketh away. Google Code, Glass, Reader, Wave, Talk, etc etc, projects axed when Google gets a bit bored of them.

C.

23
1

That EVIL TEXT that will CRASH your iPhone: We pop the hood

diodesign
(Written by Reg staff) Silver badge

Sadly, it's already full disclosure.

C.

27
2

EMC to open-source ViPR - and lots of other stuff apparently

diodesign
(Written by Reg staff) Silver badge

Re: openstack tools?

"these are all stand alone applications/platforms."

Yeah - our mistake. Meant "plus" not "such as". It's been fixed. Don't forget to email corrections@theregister if you spot anything odd.

C.

0
0

In a galaxy far, far, far away ... Farthest ever star system discovered

diodesign
(Written by Reg staff) Silver badge

Re: Re: Far Out, Man!

I've fixed it.

C.

0
0

Intel raises memory deflector shields in Xeon E7 processor refresh

diodesign
(Written by Reg staff) Silver badge

Re: 1980s_coder

Yes - now made it clear in the story.

PS: Don't forget to email [email protected] if you spot anything odd in a story - we can fix it immediately.

C.

2
0

Stubborn 'won't fix' Google U-turns on Chromecast vid judder twitching-eye blunder

diodesign
(Written by Reg staff) Silver badge

Re: Bad Article Title is BAD.

"I... um... what? This headline is just terribly confusing."

Oi, that's our business model. Confuse the crap out of the reader into clicking on it to find out wtf is gong on.

eg: Rap for rap chap in crap rap app flap

C.

3
0

Finally, Mozilla looks at moving away from 'insecure' HTTP. Maybe

diodesign
(Written by Reg staff) Silver badge

re: hilmck

We're working on site-wide HTTPS.

C.

0
0

Age guessing with Microsoft is FUN! Now give us your metadata

diodesign
(Written by Reg staff) Silver badge

Re: Really, there were no other massive photos?

"you grab the most provocative photo of a lady in her pants"

As others have pointed out, it's Paris Hilton. The Reg has had a long-running relationship with the hotel heiress. We named our space-plane after her, put it in space, and broke a world record. She's a trope.

Working in the tech press, let alone the IT world, I've seen sexism first hand, and it's awful. I've seen PRs think it's a good idea to take women journalists out shopping rather than give them interviews. I've seen execs shut women out of conversations at the bar. I've seen inappropriate touching at dinner.

Running Paris Hilton through an AI algo isn't even close to it.

C.

15
2
diodesign
(Written by Reg staff) Silver badge

Re: "... to help Bill Gates sell his services ..."

It's tongue in cheek.

C.

1
2

You can now play thousands of classic DOS games on Twitter. Goodbye, productivity

diodesign
(Written by Reg staff) Silver badge

Re: VinceH

Mate, you can play them on twitter.com or even this Reg article page because the games are embedded automatically. Have you disabled JS? What browser are you using?

I spent a few minutes this morning playing Wolfenstein 3D on this very site. It works.

C.

0
0

What is Apple's idiot tax on Watch these days? 'About $265 or 80%'

diodesign
(Written by Reg staff) Silver badge

Re: Idiot?

ZDNet is that way ----->

C.

39
3
diodesign
(Written by Reg staff) Silver badge

Re: Idiot Register

Oh dear. A sense of humor bypass in the comments on an Apple story. How unexpected.

C.

55
2

Intel has ambitions to turn modems into virtual servers and reinvent broadband

diodesign
(Written by Reg staff) Silver badge

Re: Cite ?

Good grief; not everything has to come from a press release. In fact, we hate taking stuff from press releases. This was sourced from well-placed people familiar with Intel's plans, speaking on condition of anonymity to The Register. Y'know, journalism. Finding stuff out, reporting it, not waiting for the emailed press release.

C.

15
0

Visual Studio running on OS X and Linux for free? SO close

diodesign
(Written by Reg staff) Silver badge

Re: I can't find it...

It's right there on visualstudio.com.

(edit: code.visualstudio.com seems broken now; was working earlier. visualstudio.com works fine. Weird.)

C.

2
0

Page:

Forums