* Posts by Malcolm Weir

554 posts • joined 23 May 2007


From Red Planet to deep into the red: Suicidal extrovert magnet Mars One finally implodes

Malcolm Weir Silver badge

Re: "reality TV "stars" dying from crash landing, habitat failure, or slow suffocation. "

Of course, the alternatives include having a reality TV "star" working hard to achieve habitat failure here on earth. And he has nukes...

Year after being blasted for dodgy security, GPS kid tracker biz takes heat again for leaving families' private info lying around for crims

Malcolm Weir Silver badge

Re: I'm not sure which is worse

It's a shame that parents want to abrogate their responsibilities so much.

Yes, crap products are crap. Which is why we "caveat emptor". But the decision to buy/use crap products is 100% the responsibility of the parent. This is particularly true with "new" technology: by definition, it's not "necessary" (as we survived without it before), so a parent who decides to put it into use is making a decision, and they can't simply shrug off the implications of that decision on the basis that it involves someone else.

Don't get me wrong: crap products are *also* 100% the responsibility of the manufacturer. But there's more than 100% to go around, or rather both parties can be to blame, equally or otherwise.

But who has more skin in the game? The crap product manufacturer, who stands to lose the few quid they might get flogging their kit, or the parent, who stands to lose their kid?


So be paranoid. You care. Crap manufacturers don't. And knowing that, if you still buy crap, whose fault is that?

Oh cool, the Bluetooth 5.1 specification is out. Nice. *control-F* master-slave... 2,000 results

Malcolm Weir Silver badge

I'm not sure how I would go about using my hands-free setup in the car with RS-232?

(Yeah, I know, you could use e.g. SLIP and then IP networking to handle the logical channels you get from Bluetooth, and build some mechanism to stream audio over IP and provide the out-of-band signalling used to indicate incoming/outgoing calls, but that's an enormous amount of faff, and definitely as much of a hassle as doing it with Bluetooth)

Apple: Good news, everyone – sales are less bad than we thought. Not amazing but not bad. $84bn is $84bn, tho

Malcolm Weir Silver badge

I love the spin on the idea that you weren't paying for the "subsidized" phones!

Apple: You can't sue us for slowing down your iPhones because you, er, invited us into, uh, your home... we can explain

Malcolm Weir Silver badge

Re: Its not just the battery

Oo! Oo! I know this one!

Ahem... You're holding it wrong.

Thank you!

Post-Brexit plan for .EU tweaked: No dot-EU web domains for Europeans in UK, no appeals, etc

Malcolm Weir Silver badge

Re: In case anyone wonders where the EU got its reputation for thoughtless bureaucracy....

While it's true you don't have to live with Brexit, you do have to live with an overarching bureaucracy that has completely, utterly abandoned the concepts of pragmatism and compassion.

Except you elected yours.

Mind you, it's been 3 days since a massive, multi-billion dollar fiasco for no purpose ended (probably temporarily), so perhaps your memory is going...

Goddamn the Pusher man: Nominet kicks out domain name hijack bid

Malcolm Weir Silver badge


"Lee Owen" doesn't sound like a Romanian name. To me, it sounds pretty British, and it's only reported that the individual is a _resident_ of Romania.

American bloke hauls US govt into court after border cops 'cuffed him, demanded he unlock his phone at airport'

Malcolm Weir Silver badge

Re: Like many laws, a smokescreen for dominance

No, the government doesn't "have the option of allowing it to be sued".

Article III, Section 2: The judicial Power shall extend to all Cases, in Law and Equity, arising under this Constitution, the Laws of the United States, and Treaties made, or which shall be made, under their Authority;-to all Cases affecting Ambassadors, other public ministers and Consuls;-to all Cases of admiralty and maritime Jurisdiction;-to Controversies to which the United States shall be a Party;-to Controversies between two or more States;-between a State and Citizens of another State;-between Citizens of different States;-between Citizens of the same State claiming Lands under Grants of different States, and between a State, or the Citizens thereof, and foreign States, Citizens or Subjects.

So the judicial power of the Supreme Court and its inferior courts apply to controversies to which the United States is a party.

HOWEVER, there are sometimes statutory "kill switches" that can be used to shut down certain actions, but a challenge based on the Bill of Rights will likely proceed at least to the point where the government gets an opportunity to articulate, say, the existence of a "reasonable suspicion".

US bitcoin bomb threat ransom scam looks like a hoax say FBI, cops

Malcolm Weir Silver badge


Ah, but if you were a slightly cunning scumbag, you might say something like:

"20.000 dollars is the value for your safety and business. Tansfer it to me in BTC and I warrant that I will withdraw my man and the bomb won't detonate. But do not try to deceive me- my warranty will become actual only after 3 confirmations in blockchain."

Now, it's not entirely sure what is meant, but I read that as once you send the bitcoin to the scumbag, he'll bounce it to three more wallets before he withdraws his man, so it will be hard to track after the first drop.

(Of course, one of the remaining issues is that he intends to leave the freakin' bang-machine in place, which seems a bit of a downer!)

Super Micro says audit found no trace of Chinese spy chips on its boards

Malcolm Weir Silver badge

There were always huge problems with the allegations, best summed up as a total lack of evidence either of actual modifications *or* (and probably more importantly) any command-and-control network that would have been required to do anything with the modified boards.

Mystery sign-poster pities the fool who would litter the UK's West Midlands

Malcolm Weir Silver badge

@Dave 126,

I'd suggest that, rather than try to track the individual customer, that the fast-food places be obligated to prove (by whatever means they like) that X% of their sales transactions have the packaging disposed of properly. Obviously, 100% would be an impossibly high target, but even a relatively low figure (say, 30%) would, I feel, force businesses to be proactive about rubbish collection so they could point at all the stuff they've collected as part of their target! Plus it would encourage the businesses to offer reusable serving materials, because those would be sales-without-packaging, so a "free" point on the scale.

And then you could slowly ramp the target up, and possibly use local council licensing to maintain a range of targets depending on location, so that black spots for litter would have higher standards until they're cleaned up.

A side benefit is that it would likely result in the fast food chains employing people to pick up trash, so they could meet their rubbish-collection targets as well as their profit targets.

Enforcement could be via local taxes: exceeding the target demonstrates social responsibility, so naturally that business is more valuable to the community and deserves to pay lower taxes, while missed targets label the company as a drain on society, deserving of higher taxes.

Malcolm Weir Silver badge

I'm fully in agreement with Mr Rees-Mogg. As he wisely said on October 24th, 2011:

Jacob Rees-Mogg --

It is amazing how united the Conservative party has been so far today. We had a Eurosceptic statement from the Prime Minister and then a Eurosceptic speech from the Foreign Secretary, so it can only be the Liberal Democrats who are inveigling us down the path of unrighteousness and taking us away from supporting the motion. The Foreign Secretary made six points that must have been written for him by the Liberal Democrats, because he is far too clever a man to have thought of them for himself, because they do not really add up. I shall go through them.

The Foreign Secretary made two points that were essentially trivial—too trivial for a man of his standing. They were, first, that there was no manifesto commitment for a referendum. However, manifestos can deal only with what is known at the time; they cannot deal with things that have not yet arisen. The crisis in the eurozone and the changes that could come from it were not known with clarity at that point, so it is now right to think beyond the manifesto to what the next steps are. That point can therefore be discarded.

The Foreign Secretary then said that we had passed an Act of Parliament to deal with when we could have referendums, and so we did; but again, this House knows many things, but it is not omniscient. It cannot take care of every occasion that may arise when a referendum may be a good idea or every occasion when the British people—whom we should trust—may want one. So, those two points go.

The other two points that do not add up to much were, first, that a three-way referendum is confusing. However, that is not a problem because the motion calls for a Bill in the next Session, which can deal with any confusion. We can, in our wisdom, work out how to phrase a referendum—or series of referendums, if necessary —that will be understandable.

Martin Horwood --

I am grateful to the hon. Gentleman for giving way and we always enjoy his speeches, but will he clear up some confusion about the proposed three-way referendum? Will it use the alternative vote system or first past the post? The motion is not entirely clear.

Jacob Rees-Mogg --

I am grateful to the hon. Gentleman for giving me an extra minute—it is kind of Gloucestershire to give something to Somerset for once. That issue can be dealt with in the legislation. Indeed, we could have two referendums. As it happens, it might make more sense to have the second referendum after the renegotiation is completed.

[ From https://hansard.parliament.uk/Commons/2011-10-24/debates/1110247000001/NationalReferendumOnTheEuropeanUnion ]

Sensible, rational proposals: a three-way referendum, and then a second referendum after the renegotiation is complete. Without that second referendum, we have the word of politicians that the "deal" they negotiated matches the will of the people, and we know that politicians are not always 100% aligned with their constituencies, although of course they try their hardest to honestly represent the people who elected them (or some other people who they like better, obviously; it's important to encourage free will!)

Let's roll!

Dog with 'psychotic tendencies' escapes home to poop on his neighbours' pillows

Malcolm Weir Silver badge

Look, a Bison Frise/Shih Tzu mix is a combination of two breeds that have literally centuries' experience sitting on a monarch's lap looking down on the hoi polloi. Of course they're going to look for a nice pillow for their elimination efforts, and equally of course if you feed them something delicious, they'll stop.

Because you don't shit where you eat.

See this, Google? Microsoft happy to take a half-billion in sweet, sweet US military money to 'increase lethality'

Malcolm Weir Silver badge

The suggestion that someone might have had year-end money is odd, since the year ended in September. So far more likely is that this is a "thing" that they wanted a while back and they've been pushing to get the funding lined up, and it arrived with the GFY 2019, available October 1 2018....

Malcolm Weir Silver badge

Re: Location

Actually, three of Boeing's major plants are in Seattle, as well as the HQ of the Commercial Airplanes group.

(The three are Everett, where they make widebodies, Renton, which makes 737s, and Tukwila/Boeing Field where they do a bunch of things including deliver 737s and military work.)

What a meth: Woman held for 3 months after cops mistake candy floss for hard drugs

Malcolm Weir Silver badge

Re: Roadside drug tests

And fortunately they are.

Malcolm Weir Silver badge

Re: The best and the brightest fighting the war on drugs again!

@Calin, yes it is reported, and yes she did give them permission.

Malcolm Weir Silver badge

Re: How many constitutional rights were violated ?

@Calin, Sadly, no matter how much you and I agree that rights were violated, neither of our opinions matter, per the Constitution. You can't pick and choose the "rights" without the "courts"!

And in any case, it's hard to see what bright line of the Constitution was violated. The Rights are to due process, reasonable cause, etc. etc. and while you and I agree that the interpretation currently given to those concepts is farcical, it's hard to argue that the farce is impermissible. Yes, the cops had reasonable grounds (based on their crap field test kits). Yes, the defendant was "in the system", with a bail hearing before a judge, etc., even though the bail demanded was abhorrent. But "i"s were being dotted, and "t"s crossed, and the concept of qualified immunity is essential, even if the current application is abhorrent.

LG: Fsck everything, we're doing 16 lenses in smartphones (probably)

Malcolm Weir Silver badge

The last four smartphones I bought (i.e. the last two for each of me and my wife) were chosen specifically because of the quality of the camera. And while I care about mine, she _really_ cares about hers.

It's really the only qualitative measure to care about these days, given that pretty much everybody's radios work well enough (this used not to be true, even if you held it right).

Those four phones were, as it happens, LG phones (V10/G5/V20/G6). Doesn't hurt that the things have microSD card slots and the V10/V20 have old-school removable batteries (less necessary now with fast charging, but still useful after a long flight to be able to switch batteries and carry on...), but the decision was based on the camera quality.

Malcolm Weir Silver badge

Getting interestingly off topic, but you shouldn't compare colour prints with digital images, because the prints depend on two photographic processes, and include the characteristics of the paper, too.

The way to compare the two is shoot pictures of the same "resolving power" target with the film and digital, but you have to use the same lens (because lenses mess up resolving power something rotten: an indifferent lens will kill as much as 70% of the native power of the photosensitive material, while a good lens may only cost you 40%). Once you have equivalence through the lens, you have to use a contact print on the film to find out what the lens did to the image, and apply correction to the size of the digital sensor that most closely matched the film.

(And that lenses-do-nasty-things point is at least part of why film prints don't look as good as digital prints: they go through two lenses, and get messed about to the tune of 40-70% each time).

THEN you have to repeat the whole exercise with a range of different colours, because of course the sensitivity of both the film and the digital sensor varies with light frequency, even for black and white subjects.

All in all, a bit of a palaver, and you'd end up with a number that's utterly useless for the reason you mention: all the _other_ factors in play can make a lower resolution digital image far better (or far worse) to the human eye than the "logical equivalent" shot on film. And the human eye cares about funny things (e.g. green, but not red or blue to nearly the same extent, hence 4:2:2 sampling for video). So we don't care at all that a piece of film can faithfully record tens of thousands of shades of blue while a digital sensor can only distinguish a few hundred.

Malcolm Weir Silver badge

Re: 20 years from now .....

Nope. 4MS / 4 megasensors is 4,000,000 sensors. You're thinking of 4 mebisensors, which is a different unit entirely (4MiS).

The computer business glories in this nonsensical redefinition of standard (SI) unit prefixes, except when they don't. How many bits per second on a gigabit Ethernet?

Malcolm Weir Silver badge

Re: I think you missed the point

I know you missed the point: _the same_ photographer will, with very few and rare exceptions[1], take a better picture with a better photosensor than he/she will with a worse sensor.

Every technological advance, be it in-camera exposure meters, auto-metering, focus assist, autofocus, image stabilization, etc. was initially pooh-poohed by people making the same point ("A good photographer can capture a great image with a scrap of film, a can and a pin"[2]) before being adopted and added to the arsenal of tools available to them. The archetypical good photographer tends to like new tools...


[1] Sometimes, in rare instances, the essence of a photograph is improved by deficiencies in the equipment, for example in "lomography" (which uses terrible lenses to create interesting images). In every case I've seen, it is _possible_ to duplicate the effect in post-production (in the darkroom with enlargers and chemical trays or Photoshop), but it is frequently hard to visualize in advance the effect that bad lenses or lousy sensors will create, which is why people still enjoy deliberately playing with less-than-stellar equipment.

[2] A classmate at school captured a very recognizable and "quite interesting" image of Maggie Thatcher (at the time, leader of the opposition) sitting in her car, using a physics class pin hole "camera" made from an empty film canister with a hole in it, covered with a piece of tape in which the pin hole was made, using an actual pin... This would have been in the summer of '78, before the Airey Neave assassination, when MPs tended to park/wait on the streets around the palace of Westminster, so it was much easier to get close to their exalted selves!

Malcolm Weir Silver badge

35mm film is an analogue medium, with an equivalent resolution of 87 million pixels, and greater colour "versatility" (no Bayer patterns) with greater equivalent color depth. Because of that, nothing under at least 100Mpixels is going to compete, and even then you probably need 10 bits per pixel...

The thing on the back of a cellphone still has a long way to go....

GTA gamer cuffed, charged after PS4 live mic allegedly overheard him raping teen girl

Malcolm Weir Silver badge

If he is successfully prosecuted (and I hope he is, but am very much aware that we're hearing the story that the prosecution wants told, which may or may not be objectively accurate), then he'll go to jail, receive no counselling, be registered as a sex offender, and when he finally gets released, he'll have little or no ability to earn enough money to pay for counselling for himself or anyone else.

He's an asshole (if what's reported is even vaguely true, of course), but the Florida justice system has no interest in improving the lives of anyone (victim or perpetrator).

Boeing 737 pilots battled confused safety system that plunged aircraft to their deaths – black box

Malcolm Weir Silver badge

Re: Hey software, get the fuck out of the way!

Actually, the issue here is that the pilots were not properly trained on the MCAS -- Boeing added that system to the 737MAX but didn't make a big deal about it (or indeed any deal about it) -- so much so that other 737MAX pilot groups are furious! That's "furious" as in writing letters to the FAA about it... The three big unions representing 737 operators in the US (Southwest, American and United) have all responded with anger towards Boeing.

The issue is that *if* you know about MCAS, you can defeat its "help". If you don't, you have no idea why your airplane is constantly trying to put its nose down.

All indications are that Lion Air's pilots (and those of Southwest, American and United) did not know, and have not been trained on or practiced with MCAS, let alone MCAS failure modes.

Court doc typo 'reveals' Julian Assange may have been charged in US

Malcolm Weir Silver badge

Re: I don't know if this is relevant...

@AC, you guarantee it, do you? For offense?

The "some kind of thing" was "revoke Abagnale's US passport", which meant that he couldn't travel to Italy (to face trial there), only to his country of citizenship (the USA). Italy could have applied to the USA to extradite him back to Italy to stand trial, but they obviously thought that 12 years in a US prison pretty much covered it (and likely that the Italian equivalent of a statute of limitations would have expired while he was in the American prison, so those charges would expire). And it's entirely possible that, once he agreed to help the FBI, they asked the Italians to hang fire on any charges that might still have been outstanding...

So how, exactly, would that work with an Australian/Ecuadorian citizen? You assert that the "same thing" would happen, but I don't see how (a) the USA could revoke an Australian passport _or_ an Ecuadorian one, and (b) even if they could, "the same thing" would result in deportation to Australia and/or Ecuador.

Malcolm Weir Silver badge

Re: For what it is worth

@Danny 2: the fatal flaw with your hypothesis is the need for specificity of the crime. What, exactly, did Assange do in 2010 that was worthy of indictment, and yet not extradition? The issue is that non-Americans publishing stuff outside of the USA which embarrasses America is not a crime inside the USA; it's easy to mock the US legal system, but the First Amendment is probably the most significant bit of law in the world today.

But interfering with an election inside the USA is a US Federal crime, no matter where you are located.

I know, the conspiracy theory is so much sexier, but it's nonsense.

Lastly, lots of people have whined about sealed indictments, but there's nothing morally or practically wrong with them. Quite the contrary: they are absolutely necessary in any judicial system where the subject may choose to, say, lock himself in a broom closet of a foreign embassy in order to escape arrest. Personally, I think the pro-Assange nutters are deliberately conflating the idea of a sealed indictment with that of a secret trial-in-absentia.

Malcolm Weir Silver badge

They have offices all over the place, maybe some of them are even publicly acknowledged! But the headquarters of the CIA are in Virginia.

Stay classy: Amazon's Jassy gets sassy with Larry

Malcolm Weir Silver badge


@SVV, while it would be amusing, the very wealthy don't usually use their own names even when they use normal distribution channels, nor do they tend to use their street addresses.

So if you can correlate "Mr/Ms. Discrete Employee, Innocuous Services Inc, Near Woodside, CA" with Mr. Ellison, you probably don't need to worry about replacing your database....

Upset fat iOS gobbles up so much storage? Too bad, so sad, says judge: Apple lawsuit axed

Malcolm Weir Silver badge

Re: Crappy SD != internal flash


Cost of 256GB Sandisk UHS-I featuring:

"A1-rated for better app performance

Premium transfer speeds of up to 100MB/s

Class 10 for full HD video recording and Playback"

... is $59.99 using my significantly superior buying power resulting from being someone who can type "amazon.com" into a browser address bar...

Yes, internal eMMC flash will still likely be faster, but the vast majority of actual humans don't care about the difference...

Malcolm Weir Silver badge

Re: It's marketing lies allowed to become reality.

Sorry, Carpet... 1TB is not 1TiB, and the fact that you don't know/expect the difference is not someone else's fault.

So when you wrote "_actual_ gigabytes", you really meant "_actual_ gibibytes".

Welcome to the SI system!

I've heard plenty of people try to justify their insistence that, for some weird reason, a gigabyte should be understood as a "gibibyte", but at the end of the day 1 megabyte is the space required to store 1 second of data arriving on a synchronous bit serial connection using an 8 megahertz clock... and therefore 1 gigabyte is the space required to store 1000 seconds of data.

Super Cali goes ballistic, net neutrality hopeless? Even Ajit Pai's gloating is something quite atrocious

Malcolm Weir Silver badge

Sorry, I missed your question!

Short answer is yes, it does, because the data path is through the TDRSS, which bounces signals across satellites until they can drop to White Sands or Guam in some circumstances. The slightly longer answer notes that there is also a high-bandwidth channel, but as it also goes through TDRS -> WSMR/Guam the same applies, but just that that channel is not available full-time.

Malcolm Weir Silver badge

Yes, but IP traffic from the ISS is carried over proprietary links from the USA (at least, on the US side of the thing) and so is akin to an internal network like the one you probably have at home. Except moving faster. As such, rules governing ISPs are not relevant.

London flatmate (Julian Assange) sues landlord (government of Ecuador) in human rights spat

Malcolm Weir Silver badge

Re: Lets Get Real

Well, the Red Dwarf actor Craig Charles may disagree about the "any consequences", having been locked up in Wandsworth Prison for three months before trial.

I agree that the default position should be to accept the less-socially-powerful individual's story (if the story is plausible, and note that gender isn't relevant, but power is).

But there are many reasons to allege an assault, ranging from "buyers remorse" through the complex situation where consent was given by someone too drunk/drugged to be properly able to give consent and in the cold light of day sincerely believe that they hadn't.

And also, of course, the concept of a malicious allegation is not unheard of. Of the two allegations against Kavanaugh, one was a lot more persuasive than the other. It would not be inconceivable that someone might inflate a real incident into a false allegation for purely political motives. For example, someone might allege that a candidate for office grabbed women's genitalia in order to discredit the candidate... Hmm...!

Malcolm Weir Silver badge

"The UK will not extradite if the section of law has the death penalty"...

... unless they decide they don't want to upset Trump, in which case...

Yes, I know the situation with Kotey and Elsheikh is a "mutual legal assistance" issue, not fully an extradition, but make no mistake, Javid is a scumbag on a par with May ("out of ECHR!") when it comes to human rights. If the UK declines to follow long-established policy for no reason other than to curry favor with a foreign power, no-one should seriously expect the UK government to provide any real support to people accused of capital crimes.

Malcolm Weir Silver badge

The whole rationale for Assange's hiding is, err, problematic.

The argument is that the Swedish allegations are all false, and once Assange talks to the Swedish police there will be no issue, since it was all just a misunderstanding/stitch-up which has been resolved in the interim, etc. But Assange is afraid of going to Sweden because the Swedes will hand him over to the USA.

But anyone with half a clue knows that probably the least restrictive extradition treaty is not the Sweden/USA one, but the UK/USA one which can be summarized as being met by a request written on a cocktail napkin by an intern in any prosecutor's office.

So if the fear is extradition to the USA, the best move would have been to answer the arrest warrant and go to Sweden. The worst move was to fight extradition *in the UK*, because if there was a plan to extradite him to the USA, HMG would be fully complicit... the most they'd ask is for a "no death penalty" undertaking, unless that would annoy that nice Mr Trump, in which case they'd avoid even that request.

Erm... what did you say again, dear reader?

Malcolm Weir Silver badge

Re: So he's that incensed about the bastardization of his beloved language ?

Oh, that's funny! At school we had to deal with THREE different pronunciations!

We had what might be described as "traditional anglicized" (basically, the Latin used in the law and so on), we had a new-fangled academic pronunciation (from ivory tower boffins trying to be faithful to what Romans might have said, as if anyone cares because they're all dead now, but still...) and we had a local variant that we used once a week that was more closely aligned with medieval church Latin as mucked about by generations of reluctant scholars (in which, for example, the word "nostris" was pronounced "noss-trees").

Latin doesn't change? Hah!

Malcolm Weir Silver badge

Smashing machines, them!

FYI: Faking court orders to take down Google reviews is super illegal

Malcolm Weir Silver badge

Re: Sooo, they fined him less than he spent to do it legally

Federal sentences of less than 12 months result in the prisoner serving 100% of the time (although any pre-trial detention time counts towards the total). This is per the Sentencing Reform Act of 1984.

For sentences of more than 12 months, "85%" of the sentence must be served, but after that the prisoner can be paroled if their behavior was good. The average length of stay is, apparently, 88% of the sentence. This is largely because the federal Bureau of Prisons ignores the plain text of the statute -- 18 U.S.C. § 3624(b) -- and uses random percentages instead of the 54-days-per-year in the text. This callous disregard by the BOP was challenged, and upheld, by the Supreme Court, so instead of 54-days-per-year, the actual credit for good behavior is 47 days. (OK, so the rationale is not wholly insane, but the dissent in the case -- https://www.supremecourt.gov/opinions/09pdf/09-5201.pdf -- is a lot more rational for people who can both read *and* count!)

So a judge sentencing someone to "a year and a day" may actually be doing the defendant a favor, as a 366 day sentence works out at 319 days in prison, while a 365 day sentence requires 365 days in chokey!

Super Micro China super spy chip super scandal: US Homeland Security, UK spies back Amazon, Apple denials

Malcolm Weir Silver badge

Super Micro Computer Ltd *is* a US owned and controlled company.

Yes, Mr & Mrs Charles Liang are ethnically Taiwanese (and therefore predisposed to not trust mainland China), but the company is a classic Silicon Valley startup made good.

I'm reminded of an acquaintance who asserted that Google was peddling Russian influence based on Mr. Brin's ethnicity... not entirely sure how that squared with Mr Page's lack of Russian connections, but then my tinfoil hat never quite fitted me!

Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?

Malcolm Weir Silver badge

I reckon this is a cautionary tale

As others have noted, where are the modified boards? Why are we seeing pictures showing some random small thing next to pencils/pennies? How do we reconcile the denials against the story?

As has been pointed out, an attack like this is plausible. It could be done. It might have worked if it was done. But it alternatively might have been detected early, and that detection resulted in nothing happening.

So my working hypothesis is that this is a cautionary tale: beware of your supply chain.

And for that, it doesn't matter (to the teller of the tale) whether all the details are 100% factual, because they're just there to jazz up the story. Apple, Amazon, a bank, CIA spy videos... even Supermicro. The point of the story is not that Something Happened (to Apple/Amazon/the bank/whoever), but that Something Could Have Happened.

Consider this: is it plausible that *if* China was surreptitiously tinkering with a motherboard that they would have succeeded first time out? Why does the Bloomberg article talk about various different types of spy device, without ever explaining why there are the variations?

So we have a report of several generations of spy chip with no explanation of what the second and subsequent ones were for (they can't still be for the Amazon boards) and how they were identified, and we have no exhibits of the compromised items even though there are several generations of spies implying several generations of targets.

And we have NO information about the "phone home" mechanism which is, apparently, the whole point of the spy chip. And I'm not just talking about the absence from the Bloomberg article: NO ONE has publicly reported and described suspicious activity resulting from the nefariousness. No security notices have been released suggesting a list of IP addresses to block. And, err, there are non-public infosec channels that exist to disseminate advice to people in the US defense industrial base, and if there was corroboration, I'd expect it to leak.

So I think this is a hypothetical attack being reported as an actual attack at the behest of the US government as part of an effort to help prevent actual attacks using this sort of technology.

Malcolm Weir Silver badge

Re: Frankly I'm amazed the cloud guys even bother with BMC

Err... plugging a cable into the IPMI port and then letting it grab an address with DHCP is not exactly the most complex provisioning task. By contrast, the NOC noggin is far more likely to incur higher costs by accidentally prodding the wrong box than the total cost of the cables, switches and infrastructure required for this.

Malcolm Weir Silver badge

Re: What am I missing here?

I think you're missing the section in the Bloomberg piece about how Supermicro is well known for customization...

My analysis is that these attacks were targeted at SKUs specifically known to be of interest, not the general SKUs that you see on the Supermicro website.

Malcolm Weir Silver badge

Re: Seems like Rube Goldberg approach to spying

Not so: if (as another poster has described) you have an SPI memory with a "secret" bank and a regular one, and the sneak chip flips between the two, why would you not also have it treat the JTAG interface in a similar sneaky fashion (i.e. write the new code to another bank)?

Remember: the implication is that these are custom designed parts to do the job, not commodity parts being used to carry malware.

Malcolm Weir Silver badge


The CIA Headquarters are in Langley, VA, which is outside McLean. MITRE is in McLean, though, as are many other organizations that one might expect to be providing support to the government. It is far more plausible that a meeting with a number of industry executives would be held off-campus than at an agency HQ, even if the host of the meeting was an agency (a meeting at a think-tank could be about anything, so the security issues are easier to handle).

You know all those movies you bought from Apple? Um, well, think different: You didn't

Malcolm Weir Silver badge

As others have hinted, this is basically Apple being lazy/callous: when their contract with the distributor/owner expired, they lost the right to sell the movie, but that's a completely different thing from the right to store copies of the movie to deliver to people who had already paid for the thing.

So it sounds to me like Apple failed to consider this situation when building their store. The trivially obvious approach to these situations is to retain the entries and data for the movie, but disable the "buy" or "rent" transaction functionality, so what's blocked is the ability to make those transactions, not the ability to benefit from them.

(I suspect if someone was unlucky enough to rent the movie just before the license expired, Apple would have taken the money and then not delivered, on the same basis).

By gum: Supermicro's Samsung storage ruler server uses secret SSD

Malcolm Weir Silver badge

Re: Question:

Generally, either software RAID or higher-level duplication over distributed file systems and the like (the Google model).

Malcolm Weir Silver badge

Re: Ruler or Gumstick?

Both the Intel and Samsung formats have multiple players.

The Samsung "NF1" / NGSFF is heavily based on the M.2 design, and I see nothing "dangerous" about that fact (FUD much?). In some circles the thing is referred to as "M.3"! By design, the Samsung devices will work in an M.2 connector (as long as you have the physical space around it). So the "NF1" module could be described (in M.2 terminology) as a "30110".

And, contrary to the above assertion, it offers a major improvement over M.2 in terms of board real-estate: the 22mm width is just too wide to stack two of them in a 1U space (which is 44mm). The point of the wider format (at 30mm) is that you can mount them vertically in a 1U, plugging into a mid-plane (exactly the same concept as Intel's uses).

The divergence seems to be that Intel is targeting "large rack" servers, where >27" depth might be routine, while Samsung is aiming at an incremental improvement over M.2/U.2 while supporting "short rack" configurations (<24") and non-rack applications.

The biggest challenge with either approach in the 1U configuration is getting the heat out, and Intel is less attractive in that regard because of the encapsulation. By focusing on the SSD only, Samsung makes it easier for designers to add mounting hardware to support whatever cooling scheme suits the application. (Same is true for M.2 over U.2).

Malcolm Weir Silver badge

Re: Pardon my ignorance....

Yup. It's ruler as in "12 inch ruler", not "monarch"!

This is a new form factor that Intel hopes to standardize that's designed specifically for 1U packages. The things are 38mm tall (call it 1.5inches, which fits into a 1.75in thing nicely) and 330mm (13 inches) long and the usual 9.5mm thick.

Of course, in my particular corner of the world, a very common form-factor for systems has 12.52in as its longest dimension, so these are totally useless...

We're doomed: Defra's having a cow over its Brexit IT preparations

Malcolm Weir Silver badge

Re: Why will DEFRA be needed?


This encapsulates one of the biggest lies about Brexit: the "red tape" argument. The basis for the lie is that DEFRA (and its predecessors) have always been the ones that "managed" the programs, so that while general policy and funding stream definition (and funding) originated in Brussels, it went to DEFRA for implementation. And DEFRA drafted the forms and the instructions and put together the not-very-helpful help lines and so on.

There is, of course, the argument that it will all be so much simpler with it all under one roof. I'm sure no readers here have any anecdotes that might contradict that...

