* Posts by Paul Crawford

1810 posts • joined 15 Mar 2007

Easy come, easy go: Euro astroboffins blast brace of Galileo sats INTO SPAAACE

Paul Crawford
Silver badge

Re: free

While I was quite happy to condemn the original politics of Galileo where the EU weasels, sorry ministers, said it would all be paid by the commercial use, we all knew that was a lie. With GPS being free and mostly available courtesy of Uncle Sam, almost no one will pay much for an alternative.

But I fully support the EU doing Galileo for the following reasons:

1) Developing the technology & infrastructure in the EU to do it.

2) Having an alternative to GPS in case Uncle Sam throws a hissy-fit (or a budget stale-mate turns things off).

3) Improving the overall reliability and accuracy for everyone as they then have a choice of GPS. GLONASS, BeiDou, Galelio and any other regional or LF options.

While it may represent several billion Euros, per person in the EU it is small change and we have already seen the UK gov piss away similar sums on failed IT projects over the last decade.

So cheap for what we get in my view.

0
0
Paul Crawford
Silver badge

I'm sure its just commercial considerations. Just now, in spite of the on going politics and strife over the Ukraine, etc, the EU and Russia do business and this is part of it. Maybe future launches will be more birds in fewer Ariane rockets, most certainly if Russia causes trouble in this area, but for now I guess those in engineering and contract roles just get on with the best deal for the current time & place.

0
0

Building a better society from the Czechs' version of Meccano

Paul Crawford
Silver badge

Re: I remember that medicated Izal toilet paper

You have to add those moulded plastic seats that made everyone's arse sweaty and uncomfortable even up in less-than-tropical Scotland.

2
0

'If people can encrypt their cell phones, what's stopping them encrypting their PCs?'

Paul Crawford
Silver badge

Silly - that is what post-it notes are for! Put one next to your monitor and you wont have any problems with forgetting your password.

14
0

Dot-sucks sucks, say lawyers: ICANN urged to kill 'shakedown' now

Paul Crawford
Silver badge

In related news, bears are catholic and the pope...

3
0

Spookception: US spied on Israel spying on US-Iran nuke talks

Paul Crawford
Silver badge

France?

"...biggest threats outside of Russia, China and France."

When and how did France become a major threat to the USA?

Did they threaten to take away their French fries? Shrug and set about cooking good food in a sophisticated plot to topple McDonalds?

2
1

BT Home Hub SIP backdoor blunder blamed for VoIP fraud

Paul Crawford
Silver badge

I would say this is completely BT's fault, after all it matters not if the end user is business or consumer, the kit they supplied LIED to the admin about the firewall being on, and it LIED about UPnP being off.

More over, this is a known vulnerability that BT has done bugger-all about because it might add to their support costs.

25
3

Microsoft enlists web security pariah Adobe to help build Internet Explorer-killer Spartan

Paul Crawford
Silver badge

Re: So the Spartans have invited the Trojans around to advise on the decor?

Great title, if I could give you 300 up-votes I would!

4
0

Make up your mind: Microsoft puts a bullet in Internet Explorer after all

Paul Crawford
Silver badge

Re: @Ian Easson

"You may be, but Microsoft cannot afford to be as a corporation."

So what if MS decides to ditch IE and drop support for all legacy systems, maybe with patching stopped in 2-3 years? Those enterprise customers have no where to go, they will simply have to update and move on to a future without IE's awful stuff.

What alternatives do they have? They can't realistically go on with old OS/browser without MS providing security patches, so they simply have to either suck up MS' latest offerings, maybe pay a fortune for post-end-of-life support, or go elsewhere.

Where is the 'elsewhere' for them to go? Apple has abandoned any real interest in anything outside of consumer use. While I am a keen supporter of Linux, I am in no doubt that if you are IE-bound and MS-dependant for all sorts of specialist software then you have more pain in changing OS than fixing IE-related stuff.

So basically MS can do as the please and corporate users of Windows just have to follow because so little software was ever designed to be cross-platform. That my friend is the real "End of Story".

3
6
Paul Crawford
Silver badge

Missed opportunity here

Really, I don't see why MS should keep on IE other than for some locked-in corporate customers. So why don't they make Spartan the only supplied browser for Win10 and sell IE11 as an extra-cost option, maybe chucking it in with the "W10 professional enterprise edition" or whatever?

Those who really, really, must use IE will either stick to Win7 or whatever for the next 5 years, or simply pony up for it on Win10. Their pointy-hired bosses might just see that its time to fix their Intranet once they see an on-going cost for not doing so.

But, and this is the important bit, Joe Public won't consider it as an option as nobody has paid for a browser since, oh yes, IE was bundled for free two decades ago. Thus the few remaining web sites that rely on IE-specific support (and all public-facing gov sites, who are often offenders there) will get endless complaints until they fix their shit and become cross-platform.

11
1

This is what happens when a judge in New York orders an e-hit on a Chinese software biz

Paul Crawford
Silver badge

Similar to slysoft's AnyDVD I guess.

7
0
Paul Crawford
Silver badge

Re: Shameful

It would be funny if the company then sued Visa/Mastercard for blocking payments in China, won, and made them pay out $Million/day or whatever in compensation. Same for Google, Facebook, whatever. See how it feels when another big country extends its laws to the US business.

Make it big enough and the US laws might change. After all, the only thing that seems to matter in US politics or law-making is money.

19
1

Hawk like an Egyptian: Google is HOPPING MAD over fake SSL certs

Paul Crawford
Silver badge

Re: revoked cert

Not if you are using Chrome...

http://www.zdnet.com/article/chrome-does-certificate-revocation-better/

In spite of the apparent positive spin, the fact remains they don't properly check for revocation. The last point in the article basically says they whole system is crap/broken (as we know) but offers no proper solution to the stupidly lax design of certificate issuing where ANY one of nearly a thousand issuers can sign an imposter certificate for any domain.

2
0
Paul Crawford
Silver badge

The action should be obvious - revoke all trust in the company that issued the certificates.

If they face financial melt-down due to this, and others see the consequences, maybe the future will be a little better. But saying so, it really points to a fundamentally broken system, and the certificate pinning that some browsers support is not enough of a "standard" to deal with it.

13
0

Hey, Woz. You've got $150m. You're kicking back in Australia. What's on your mind? Killer AI

Paul Crawford
Silver badge
Terminator

The idea of AI machines destroying vast swaths of humanity is pretty applying.

Until you stop and look at vast swaths of humanity that is...

5
0

Tears of a cloud: Don’t be let down by backup and disaster recovery

Paul Crawford
Silver badge

Two comments...

Firstly, the issue of compliance with data protection ought not to be a problem if you encrypt your backup data BEFORE it goes cloudy, and that your cloud provided never has access to the key. In fact, that ought to be the Golden Rule of cloud storage: "no data without perfect secrecy".

Secondly, the idea that a home user only takes minutes to back up is laughable. If you have a 'typical' upstream rate of 0.5-1Mbit/sec on broadband, that is 225-450Mbyte/hour. If you have any sort of history of using a digital camera your archive could easily be 10-100GB of photos, so you are looking at 1-18 days of uninterrupted transfer to back up initially, and this is not taking ISP capping in to account.

Still, the idea of a NAS fronting your cloud backup is great, fast local syncing of data but with the off-site and (hopefully) backed-up/snapshotted storage if you lose your NAS or get a file-encrypting virus.

2
0

Got a killer Microsoft or Oracle cloud deal? Start sweating

Paul Crawford
Silver badge

And don't forget that if there is any dispute, your cloudy "partner" can make it all disappear at the drop of a hat. Sure you can fight them through the courts, but just how long will your business have the funds to do so if its IT systems have been turned off?

With on-site software, even if licensed (and not free-as-in-speech), the boot is on the other foot. If they dispute then they have to take you to court and prove it and until they do you still have a business.

6
0

PIRATES and THIEVES to get Windows 10 as BOOTY

Paul Crawford
Silver badge

Really, what is Win10 refuses to run unlicensed copies of Office?

1
1
Paul Crawford
Silver badge

"customers over time will realise the value of properly licensing Windows" - does not compute.

"stands to win more cash under its as-a-service model if it can convince the world to dump its old operating systems" - ah, now that makes sense!

However, given the Chinese government has already said no to Win 8 over (possibly spurious) "security concerns" over data sovereignty, etc, how will they react to Win 10 if its "as-a-service" model allows the US gov to pull the plug at any time on its citizens' business operations?

9
0

Noobs can pwn world's most popular BIOSes in two minutes

Paul Crawford
Silver badge

"2. As described in the article, the attack requires physical access to the machine. Frankly, if somebody has this, it's always going to be game over."

Indeed, but p0wning the BIOS has the big advantage of getting the SMI and boot stages so it becomes possible to have an infection that is totally transparent to any booted OS, and can't even be seen when booting a rescue CD sort of tool. And if you can automate that to slip in USB, boot and press F11, 30 seconds later job done and power off, that is pretty tidy.

2
2
Paul Crawford
Silver badge

Re: This wouldn't be (much of) a problem...

"tablets, phones, and other sealed hardware "

The sort with various power & volume buttons on the side that could be held down in some odd manner to enable it passers?

1
1
Paul Crawford
Silver badge

Re: This wouldn't be (much of) a problem...

Its not just the UEFI stuff that is stupidly complex, its all of the pointless "eye candy" that MB makers seem to think you want/need. Really, the only folk who should ever be fiddling with BIOS/UEFI settings are the sort who really know what they are doing, and they are quite capable of using text-mode operations.

Its high time that we started pressing for MB makers to fully and openly support coreboot, at least then you have a chance of getting the source code inspected and maybe bugs fixed. Might even save them money in the long term for support and development.

And yes, I would like to see the return of a physical switch to allow BIOS writing, that would put a stop to most of these issues (aside from pre-installed malware, obviously).

7
1

My self-driving cars may lead to human driver ban, says Tesla's Musk

Paul Crawford
Silver badge

Re: @AC w.r.t AF447

"You simply do not have the necessary background to understand what went on and how it happened."

I did not claim that I would have done any better, nor that I understand the details of how the pilots reaction to various conflicting warnings and instrument inconsistencies led them to not recover the plane from stalling.

But what I am absolutely certain of is that having an autonomous system throw back the controls to humans under "difficult" conditions is a recipe for disaster. And equally for cars the conditions that are unlikely to be handled well, such as an unexpected conflict of sensors while approaching a junction, blind bend, etc, will leave the human operator with bugger-all time to come to terms with being in control, let alone to apprise the situation and react accordingly.

So why even consider that case? Maybe so the car manufacturers can pin the blame for out-of-capability accidents upon the meat sack failing to drive correctly...

1
1
Paul Crawford
Silver badge

Re: @Phil Dude

Folk who care about edge cases are the sort you want working on safety-critical stuff! Typically they are the ones to trust your well-being to. As for reliability, the current US death rate is around 1-2 per 100 million miles driven, or about 150-250 per million vehicle - years:

http://www.census.gov/compendia/statab/2012/tables/12s1103.pdf

So an autonomous car has to be pretty good to match that. Sure humans do really dumb things, and they are easily distracted, etc, which probably covers a good 90% or so of those deaths. But cars have to at least match that 2E-8 fault/mile figure under real-world conditions to be taken seriously.

2
1
Paul Crawford
Silver badge

Re: @Crisp

"Well, if it resembles auto-pilot systems (such as those on the Airbus), the correct fall-back would be manual control by the driver"

Yes, and look how well that worked out for AF447 after all!

See that is the problem, if it can't cope near-perfectly with anything on the roads your screwed. You won't be sitting there with full concentration all the time "just in case" - otherwise you might as well be driving. And in the event of an unhanded exception as car has seconds to impact, not the minute or two the startled pilots of AF447 had.

6
1
Paul Crawford
Silver badge

Re: @Crisp

Robots in a factory doing precisly defined work is one thing, and they work really well. Its the uncertainty in what a real road will throw at the system that matters, and how it copes.

Also I think it is moronic to have the assumption of "phone home" operation. What if you loose connectivity or the central servers go down for whatever reason? Does your car just stop?

So then what if someone simply jamms the radio for a short while to stop you and rob you?

6
2
Paul Crawford
Silver badge

Re: Not a problem solved

If it is a 10% driving failure it is not "annoying" but "potentially fatal".

4
1

Watchdog slaps American Apparel's youthful naked arse

Paul Crawford
Silver badge

Having looked at that link I feel quite dirty now :(

I should have noticed it as the Daily Fail.

5
1

OpenSSL preps fix for mystery high severity hole

Paul Crawford
Silver badge

Re: @tnovelli

You seem to forget that C was largely created to be a systems language in order to write UNIX in the 70s. Do you really think an OS written in assembler would be a better idea?

Of course, the other side of a "systems" tool is it lets you do things that might not be smart, even though you might just need to that sort of thing inside an OS. Common mistakes relate to memory usage (not bound-checking, use after freeing, etc) and the notorious printf()-like calls that can really mess things up on the same basis (it relies on you telling it correctly what type of arguments are being passed).

Wile other languages take away your ability to make some of those mistakes, much of those problems are now managable if only folk would use the C-language tools that are already out there! Static analysis tools (e.g. Coverity) and using maximum warnings from your compiler (gcc can now check printf formats, and please us snprintf() to force memory length restrictions) will help if you are willing to take the time to check what they are squaking about, and fix it.

6
0

Let's talk about the (real) price of flash and spinning disks

Paul Crawford
Silver badge

Re: Prices for flash are wrong

"To be fair, a consumer-grade flash drive (with SATA interface) is only 10x the $/GB of a SATA hard disk"

It was mentioned, and for fairness it also has costing for both "consumer" and "enterprise" SATA disks (really, use the SAS version for high-capacity HDD for various reasons to do with reliable identification and proper command queuing, but the pricing is not so different these days).

0
0
Paul Crawford
Silver badge

Re: IOPS

There is no "one size fits all" unless price is no object. For your use-case you have to decide how much IOPS you need, how much data you need to store, and how much money you are prepared to spend.

I suspect the majority of users would currently be best served by a combination of HDD and flash. Some file systems like ZFS have built-in support for using separate storage for write intent logs, so using flash for that is a very cost-effective gain on the write side. For reading you can also have read-optimised SSD for the cache to help with frequently accessed data. Other systems also support data tiering so you can balance cost and performance in an intelligent way. The Devil is often in the detail.

3
0
Paul Crawford
Silver badge

Re: Power?

"SATA 50p per gig per year"

So my home RAID with 12TB protected space from 5*3TB HDD is going to cost me £6000 per year in power! Are you quite sure?

1
0

Gamers! Ransomware will scramble your save files unless you cough up $1,000

Paul Crawford
Silver badge

Re: AV

If you don't need the last few percent of performance, then running Windows in a VM seems a pretty good way of putting off a lot of the smarter malware in case you are analysing it.

Also the ability to make a copy of a VM and restore operating in minutes, rather than hours (the old install Windows, reboot, patch it, reboot, install your software, find license keys, restore data files, etc) is also great.

3
1

I BEG YOU, mighty Jobs, TAKE MY LIVER, Cook told Apple's dying co-founder

Paul Crawford
Silver badge

I think is from this: http://en.wikipedia.org/wiki/Visible_Human_Project

0
0

RIP Sir Terry Pratchett: Discworld author finally gets to meet DEATH

Paul Crawford
Silver badge

Sad to hear, his books provided a lot of entetainment over the years :(

4
0

ACLU files new lawsuits in hunt for police 'Stingray' mobe-trackers

Paul Crawford
Silver badge

Re: ACLU = AssCLowns Unlimited

Gee, so you are happy to have secret evidence gathering against you? You know, without any discussion by the folks who make the laws (i.e. your elected representatives, and I mean all of them and not just a select few on secretive committees) and the public they are supposed to represent, nor by your defence lawyer should you find yourself accused of some crime?

I, and probably most of El Reg's commentards, have no problem with legal interception when it is done based on probable cause and with judicial oversight. If this equipment is gathering data on others who are not involved in the targeted operation that is no big deal as long as all such data is deleted afterwards and not misused outside of the scope of the investigation.

What I do have a problem with is the current trend to assuming EVERYONE is guilty so worthy of surveillance and endless data retention, and that our judges and politicians are not telling us about this so we can have a democratic system in place.

12
0

Ouch! Google crocks capacitors and deviates DRAM to root Linux

Paul Crawford
Silver badge

Double the cost?

Really? ECC memory costs more, but typically 20% and the RAM is often only a fraction of the machine cost.

True, proper servers cost a lot more than desktops, but there are other factors in that cost such as dual PSU options, easier to change fans, hot swappable HDD, etc, (and probably a bit of profiteering as well).

3
1

Nothing says 'Taliban' quite like net neutrality, eh, EU Digi Commish?

Paul Crawford
Silver badge

Ass-hat

Not just him, but anyone who has a car the depends on internet access for safety deserves to be dismissed and the design scrapped. Have you tried getting even GPRS around a large number of rural roads in hilly areas?

5
0

UK Gov SciTech advice bureau suggests keeping Tor alive to reduce street crime

Paul Crawford
Silver badge

A fairly sensible and balanced report.

However, it remains to be seen if the politicians have enough brain cells between them to avoid monkeying with things that will generally make matters worse.

13
0

Is there a cure for cancer sitting at the back of the medicine cabinet already?

Paul Crawford
Silver badge

Citation due?

"And as for cancer cures, there's only one cure for many forms of cancer, which has been proven by INDEPENDENT research, as well as anecdotal evidence"

Please provide some evidence of this or we naturally will decide you are talking bollocks.

Of course, the rant-like nature of your post has raised the bar somewhat to reversing that judgement, but some of us are open to the scientific process where opinions can be changed when repeatable experimental evidence says so.

19
0

Adobe launches cashless bug bounty

Paul Crawford
Silver badge
Thumb Up

Re: You want your vulnerabilities traded in underground forums?

Well played Keef

3
0
Paul Crawford
Silver badge
Trollface

Re: You want your vulnerabilities traded in underground forums?

Feeling sad you don't have one?

2
6

Shove off, ugly folk, says site for people who love themselves

Paul Crawford
Silver badge

@h4rm0ny

You are right to a point. Someone who is above-average in terms of attractiveness is not guaranteed to get attention from folk that they want, maybe because they are afraid of rejection as the presume such a person is overwhelmed by offers.

But this is a site offering only other "beautiful people", and that alone suggests they are not looking for those missing Joe Averages who are average looking but underneath really a decent and interesting blokes.

8
0
Paul Crawford
Silver badge

Probably because they are vain tossers and quickly lose anyone initially interested in their looks once their personality (or lack thereof) is known.

But don't listen to me, I am just ugly, bitter & twisted...

19
0
Paul Crawford
Silver badge
Thumb Up

Re: Three things come to mind here

You deserve two up-votes for getting Groucho & Carly in to one post.

11
0

Microsoft comes right out and says backup software is dead

Paul Crawford
Silver badge

Re: Not dead

If your data is all in the "cloud" and said cloud provider deletes it due to a contractual dispute or simple fsck-up, or goes bust, etc. What then?

Both your primary operational data and the backup/snapshot are gone in a flash.

The old adage about a backup having to be "off site" should be extended to the requirement that any backup is held by another organisation if cloudy, or better still, you have it in your own possession (but not the same building).

9
0

Virtual reality WHIPLASH CHAIR in shutdown scare

Paul Crawford
Silver badge

Re: Disappointed...

I am sure that €10000 would buy me quite a few good hours of "whiplash" experience that would be very NSFW. But then I have friends in low places...

5
0

IBM's secret growth plan is … Karaoke?

Paul Crawford
Silver badge

Audience feedback?

When ever I am stupid/drunk enough to attempt karaoke there is often prompt feedback, typically in the form of thrown bottles or boo/hiss remarks. Just how will they provide the same "experience" in software?

Edited to add: The caption photo is of the portrayal of Ian Dury from the film "Sex & Drugs & Rock & Roll", well worth seeing.

0
0

Carriers want 5G to do everything, for anything, anywhere

Paul Crawford
Silver badge

Autonomous cars?

Really, the key thing about autonomous cars is they are autonomous!

That means they can work in the middle of nowhere, not needing to find the roads to be exactly as surveyed, with temporary diversions and obstacles dealt with as they come, and without any sort of link at all so they don't bork with some ne'er-do-well armed with a £100 Chinese-sourced jammer comes close (or your favourite 3-4 lettered agency with its £200k jammer). WTF do these people think is going to happen if cars depend on networking?!

2
0

Hillary Clinton draws flak for using personal email at State Dept

Paul Crawford
Silver badge

Re: How is this different from private business?

The difference is that folk should use TWO emails! (In fact 3+)

The first one for official business and that is subject to discovery. Of course, depending on the data retention rules and any legislation that forces that period.

The second one is your personal email account that you use for chatting to friends, ordering stuff from Amazon, arranging a hot date, etc... Since this is not used officially (and you are not dumb enough to do so and have a client's email reveal this so it IS then subject to discovery) you don't need to worry much. If it is not using the corporate servers, they don't have to touch it at all.

The 3+ ones are for spam accounts, like sites that ask for email to download articles, etc. You can more or less set that to self-delete after a day or two once you have the access you needed.

1
0

Forums