* Posts by Paul Crawford

1636 posts • joined 15 Mar 2007

Computer misuse: Brits could face LIFE IN PRISON for serious hacking offences

Paul Crawford
Silver badge

Re: Needed

Perhaps if some of the punishment was also meted out to those ultimately in charge [1] of the systems being hacked and defrauded when they have not done a good job of securing them, things might change.

[1] I.e. at the CEO/CFO level, not BOFH. Those who decide how much to spend on security and if changes that make things better are to be vetoed for business reasons.

1
0

MARS NEEDS WOMEN, claims NASA pseudo 'naut: They eat less

Paul Crawford
Silver badge

Re: Bah!

Now I'm humming along to "Hong Kong Garden"

Damn!

0
0

UNIX greybeards threaten Debian fork over systemd plan

Paul Crawford
Silver badge
Unhappy

Systemd won't fix poorly implemented services either. Anyone who is not able to write/test/test-again something for init.d won't magically have it all work perfectly under another scheme. Upstart seems to be the least-worst option for something that permits dependency resolution and parallel starting, but it's not perfect either and really should be extended to include managing the init.d scripts as well, as realistically there is a lot of stuff that won't get converted to native jobs any time soon.

At one point the Ubuntu project was doing a really good job of making a Linux distro that worked, and was fairly sane, but sadly from about 10.04 seems to have lost its way. It really needs someone like that who is interested in PC use, and not the tablets they fixated upon, to drive a project sanely.

And never listen to the GUI developers either: look how many stupid changes have been made to Gnome and Firefox, etc, etc.

28
0
Paul Crawford
Silver badge

Re: Such hatred

I think upstart is a bit more sane, but even then it has its dumb aspects.

Why, for example, is upstart not calling the traditional scripts in order as well? That way you could at least use its dependency capabilities with non-upstart processes, just like the "service wibble start|stop" sort of command suggests you could.

1
1

ESNet's 100 Gbps Atlantic link almost ready to flow

Paul Crawford
Silver badge

El Reg units

I thought the correct unit for high speed bandwidth was the kilowrist?

http://www.theregister.co.uk/2008/11/12/arizona_boffins_grasp_fat_pipes/

0
0

Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know

Paul Crawford
Silver badge
WTF?

Re: Ummm, no.

Exactly! A "driver-less car" has to be just that - NO driver input expected at any time, bar choosing where to go.

Otherwise why bother? You would be paying a lot extra one way or another and still expected to be sober and alert for any time the computer decides "Fskc this, too hard for me. Hey meat bag? Grab the controls, oh by the way you have 5 seconds to impact..."

7
0

US government fines Intel's Wind River over crypto exports

Paul Crawford
Silver badge

@James 100

I doubt the FPU would do it, too much science checking results to notice odd values.

Now the random number generator, there is one you could use to leak key bits in a manner known only to the creators and those chosen to be 'in the know'...

0
0
Paul Crawford
Silver badge
Black Helicopters

Re: I cant believe it.

It is pretty easy to see that the Intel AES instructions do implement the AES maths correctly, so part 1 of the tin-foil equation seems to be settled.

However, the aspect the truly paranoid would want to know is part 2 - is there an undocumented method to recover previous keys (or parts of keys) used by said AES instructions? You know, something that windows, flashplayer, or similar closed source software might just run and report as a footnote to some other data dump...

1
0

Sign off my IT project or I’ll PHONE your MUM

Paul Crawford
Silver badge

Re: Toilet breaks?

Just don't forget to disable the video call feature.

2
0
Paul Crawford
Silver badge

Re: Plastic bottles shheesh

Gravel Roads? That were luxury!

We had t'piss in fields of nettles, and woe betide any lad who cried at his stung todger!

4
0

Forget passwords, let's use SELFIES, says Obama's cyber tsar

Paul Crawford
Silver badge

Re: Passwords work AND are easy.

Indeed!

Apart from those using "12345" or similar, just how many attacks actually guess a user's password compared to re-using a stolen password database?

I think those are the real problems:

(1) password re-use and;

(2) insecure sites storing passwords in plain-text or unsalted hashes.

Changing to a photo, etc, will make bugger-all difference to that, and once the bad guys have a copy, how do you change it?

4
0

Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE

Paul Crawford
Silver badge

Re: From ISC

Well on my Ubuntu home box:

Firefox 33 => not vulnerable

Chromium Version 37.0.2062.120 Ubuntu 12.04 (281580) (64-bit) => vulnerable

Opera 12.16 => test did not complete (probably not exploitable then?)

1
1

Ada Lovelace Day: Meet the 6 women who gave you the 'computer'

Paul Crawford
Silver badge

Did Margaret Thatcher herald a kinder, gentler phase in British politics?

5
0

White LED lies: It's great, but Nobel physics prize-winning great?

Paul Crawford
Silver badge

Another factor that is often overlooked is that in a place like the UK where a lot of lighting is used in winter, indoors, and along with heating, then any increase in efficiency is going to be partly offset by the heating system making up for the reduction in waste heat.

Other than that point, I tend to agree with Tim that we will just use more of it if the running cost is reduced.

17
3

US astrophysicist Neil deGrasse Tyson: US is losing science race

Paul Crawford
Silver badge
FAIL

Re: The United States

"there were no money to send humans anywhere else"

Alas, there was a trillion dollars to fight a pointless war in Iraq though.

Fail for us, because the well-known war criminal Tony Blair was from the UK.

17
0

Internet Explorer stars in monster October Patch Tuesday

Paul Crawford
Silver badge

@LDS

"What is better - a false sense of security, or a message reminding you you need to reboot?"

Well for a start it is better to simply restart a web browser (which is sometimes needed for other reasons) than to have to stop everything you are doing, saving sessions, etc, for that alone!

Also in the case of Linux, at least from my experience, if say Firefox is updated it tells you that it needs restarting. And not the whole machine, which could be running other stuff or have other users logged in.

7
0
Paul Crawford
Silver badge

Cardinal Ximénez: Google Chrome is the browser you can update without needing a reboot!

Cardinal Fang: Firefox as well.

Cardinal Ximénez: Yes, Google Chrome and Firefox can both be updated without a reboot!

Cardinal Biggles: What about Opera?

Cardinal Ximénez: Among the browsers that can be updated without a reboot, are Chrome, Firefox, Opera, Safari, Konqueror...

Cardinal Fang: Don't forget to mention a fanatical devotion to the Pope, and not IE

5
4

FLASH drive ... Ah-aaaaaah! BadUSB no saviour to plug and play Universe

Paul Crawford
Silver badge

Wrong direction of trust...

You have to start by assuming everything is suspect, so the PC/OS should start with the assumption that any USB device cannot be trusted.

As others have mentioned, when it is plugged in the very least an OS should do is tell you what class of device it claims to be. If it should be a USB mass storage device then that is fine, and you can proceed to be suspicious of its contents.

However, if your USB stick claims to be a mouse/keyboard/etc then WTF?

Fine for a proportion of El Reg readers, we might go "WTF? ...disable... ...destroy..." but that is not good enough for Joe/Jane Public for whom the OS needs to be a bit more protective, and query with language a bit more obvious than "enable HID?", say to something like "You appear to be adding a second mouse, is this really true? Think carefully my friend before answering..."

1
0

Google ordered to tear down search results from its global dotcom by French court

Paul Crawford
Silver badge

Same as MS & USA judge

Sadly this is as worrying as the issue of a USA judge ordering the data from MS Ireland; it is basically a power-grab where they feel that because "the internet" crosses their jurisdiction then they can apply judgements world-wide.

How long before we get other countries ordering global removal of links that don't suit them?

It may be unfortunate for the French individual to have defamatory things said, but they should take it up with the location of the comments as only a law there should apply to the other party.

2
0

Unchanging Unicorn: Don't be disappointed with Ubuntu 14.10, be happy

Paul Crawford
Silver badge

"reversed gnome 3"

Oh err, a "reversed gnome 3" sounds like some illegal pr0n move!

3
0

How the FLAC do I tell MP3s from lossless audio?

Paul Crawford
Silver badge

The ability to tell the difference depends on 3 things:

1) The original quality of the recording.

2) how good your system and ears are.

3) What sort of MP3 compression is in use.

Number (3) is critical: if you are using 128kbit fixed-rate coding then I am pretty confident you will tell the difference; if you are using 320kbit variable-rate I would doubt most could.

16
0
Paul Crawford
Silver badge

Re: "Everything between sample points is lost" (@the spectacularly refined chap)

The key point about Nyquist's theorem is it starts with the assumption that the signal you are interested in is strictly limited in bandwidth. If that initial assumption is true, for example that you only want/need 20Hz to 20kHz, then by sampling above twice the highest frequency (say at 40.0001kHz) then you are NOT losing any information by sampling.

What is important is that 20kHz is an arbitrary value (but a realistic limit for most younger humans, us old buggers are lucky to get 15kHz) and to avoid the very unpleasant business of aliasing you MUST be strictly limited to that value.

Since that near brick-wall filter is highly impractical for any analogue filter, what is normally done is to sample higher than that, either a little bit more on sample rate (like 44.1kHz) and use good analogue filters, or a much, much higher sample rate and push the band-limiting problem into the digital domain where it is practical to implement good filters (but with time delay, though for recording that is not a problem) and then to re-sample at a chosen lower rate.

9
1

Bash bug: Shellshocked yet? You will be ... when this goes WORM

Paul Crawford
Silver badge
Trollface

Re: Oh $!#t.

I picked a bad day to quit trolling.

6
1

Microsoft sets up bug bounties for online services

Paul Crawford
Silver badge

Big mistake

"Bugs requiring unlikely user actions"

Come on, just how often have you found end-users doing things in a manner thought to be unlikely/unreasonable/damn strange by the developers?

3
0

Chipzilla promises $6 billion to upgrade Israeli plant

Paul Crawford
Silver badge
Mushroom

'Infidel Inside'

It could be a new marketing slogan!

15
0

Microsoft vs the long arm of US law: Straight outta Dublin

Paul Crawford
Silver badge

Money talks

Funny how PRISM did not faze the big US companies, but the prospect of losing business did cause some backbone to be shown?

Really the lesson is don't use any company that is not 100% in our own legal territory, and (especially if you can't do so) make sure all data is encrypted with keys that only our own business has access to.

Sure that won't stop a court order to gain access, but that raises the bar from simply fishing for stuff to 'probable cause', and you also know about it so can take proper legal steps to defend against the action.

8
0

Microsoft staff brace for next round of layoffs – expected Thursday

Paul Crawford
Silver badge

Re: @Phil O'Sophical

What you can often do is convert your running XP box into a VM, and then run that fairly painlessly under another more modern OS.

There are catches, of course, like if you have special hardware that needs an old driver, or use it for demanding games, etc, but you can get the best of both worlds:

1) All old software still working as you had it.

2) Support for new hardware and better basic security (assuming you stop email/web in the VM).

The choice of new OS is yours, could be Win7/8 or Linux, depends on what suits you best. At least Linux is free-as-in-speech to try! Whatever you do, get a new HDD to make a copy to play with, and make sure you have at least 2GB of RAM, ideally 4+, before you even consider VMs.

0
0

WRISTJOB LOVE BONANZA: justWatch sex app promises blind date hookups

Paul Crawford
Silver badge

Palm called, wants her sisters back

Luxury! When I were a lad we were lucky to dream of such things. Times were so poor we could hardly afford Palm and her five sisters.

6
0

Citadel Trojan phishes its way into petrochem firm's webmail

Paul Crawford
Silver badge

Given the trend for advanced malware to avoid running on VMs in order to evade analysis, it seems a pretty good time to deploy any world-facing Windows boxes in VMs, perhaps?

You get the advantage of threatening malware exposure to deter some, and the ease of imaging a running VM to look for boot sector or in-memory nasties that any decent root-kit would hide from AV tools.

Oh yes, and a far, far, less painful reinstall by simply copying a clean VM stored on a read-only NAS or similar if the brown stuff hits the rotary air mover...

3
0

Run little spreadsheet, run! IBM's Watson is coming to gobble you up

Paul Crawford
Silver badge

http://www.youtube.com/watch?v=9tGO79BtWUI

0
0

US boffins demo 'twisted radio' mux

Paul Crawford
Silver badge

Sceptical

AFAIK the idea of OAM is the polarisation is rotating. Now you can generate any polarisation by taking a pair of orthogonal antennas and driving them with the appropriate amplitude & phase.

You get linear at any angle if the phase shift is zero, with the angle determined by the magnitude of the two drives.

You get circular with LHCP or RHCP depending on the phase being +/-90 deg.

So if you were to drive the amplitude in a cyclic manner you would get the appearance of a rotating linear phase, and if at the receiving end you were to combine the similar antennas with a matching cyclic ratio then bingo - you have the original signal as if it were received by a rotating antenna.

But how is that different from any classical modulation on dual polarisations? Sure they might be claiming the equivalent of higher than QPSK-like "polarisation constellation" points, but that is not without a loss of orthogonality and hence some cross-talk and loss of SNR.

The real question then is can such a scheme deliver any better than just going to higher RF modulation constellations on two classical orthogonal polarisations?

5
0

Be your own Big Brother: Monitoring your manor, the easy way

Paul Crawford
Silver badge

Re: Security?

Unless you run at very low frame rates and resolution, or use movement detection, you can eat up 10GB surprisingly quickly! Also you might find your ISP capping your upload bandwidth quickly as well, given the true nature of a lot of "unlimited" contracts.

We have 9 cameras and they generate 6TB/week, but that is with good video quality.

1
0
Paul Crawford
Silver badge

Re: 1984

Given the history of security on these web cams, I doubt you need the NSA's resources...

12
0
Paul Crawford
Silver badge

Security?

Given a lot of, probably the majority of, these cameras have a history of really shit security and unpatched firmware, you might want to consider some 3rd party method of limiting which devices can connect in to your home network via the camera's exposed interface.

Also important if you are worried about burglary is having a recording of the images on something that won't get nicked by the thief, so it has to be pretty well hidden or to store images off-site, a potentially expensive aspect.

Not really in the 'home security' area, we have used the Vivotek power-over-Ethernet cameras at work, great as you only have a single cable to run and that can be UV-resistant cat5 for outdoors (e.g. CB14001 from CPC/Farnell) and no bandwidth problems. They come with surprisingly decent recording software, though Windows-only and only for their cameras. Oh and dodgy firmware security, but in our case they were not exposed outside our firewall for any exploiting.

4
0

Ex-Autonomy execs: HP's latest wad blows apart fraud allegations

Paul Crawford
Silver badge

Re: Sounds like a match made in heaven

Funny that, when my business sells hardware it is done for the revenue it brings in. Why is that such a novelty to HP?

4
1

TorrentLocker unpicked: Crypto coding shocker defeats extortionists

Paul Crawford
Silver badge

Re: I'm conflicted

Are you sure you're not in XKCD land?

2
1

It's a pain in the ASCII, so what can be done to make patching easier?

Paul Crawford
Silver badge
Windows

Re: Windows.

"If it is taking you more than an hour to patch, you have no clue what you are doing"

Please explain?

I have had a fresh install of Vista (and recent installs of Win7) that took hours to get updated, rebooted, updated and that was simply following what MS offered. Are you saying that a consumer OS should need some special magic to make it less painful than just clicking 'OK' on the update option?

With Linux it is usually 10-30 minutes for all patches, then one reboot and that is it up to date. OK, it might not run certain special applications, but I can get an XP VM I prepared earlier up and running in less than 10 minutes...so still less pain than a typical fresh installation of Windows.

Bah, pass me the can of Tenants' brain damage please...

1
0
Paul Crawford
Silver badge

Re: Linux no-reboot patching can be a mixed blessing.

I generally reboot a less-used machine after patching "just in case" something had updated and borked the start-up process. That way the running machines have a decent expectation of rebooting when needed.

Thankfully it is rare!

1
0

Limits to Growth is a pile of steaming doggy-doo based on total cobblers

Paul Crawford
Silver badge

Energy is the secret

Well, it is not really "secret" as being unknown, more as the key. If you have plenty of cheap enough energy then you can recycle the elements used to create past crap Xmas toys, etc, from the landfill into something you really need and want right now, like the latest Orgaimator2000 robotic dildo or whatever.

I'm not sure how an economist would see it, but if someone succeeds in generating a lot of energy cheaply and reliably and without needing resources in a few politically unstable regions of the world, a lot of society's problems would be over.

Except maybe over-population, but decent education and an endless supply of the Orgaimator2000 should see to that....

20
0

IT jargon is absolutely REAMED with sexual double-entendres

Paul Crawford
Silver badge

Re: Pegging order?

Hard to say.

The Wikipedia page for it says: "Advice columnist Dan Savage wrote that he believes all men should try pegging at least once, as it may introduce them to a new enjoyable sexual activity and illuminate them to the receiver's perspective in sex"

So far I have not had such an 'illuminating' experience, but I'm not sure if that is something to be happy or sad about.

0
0
Paul Crawford
Silver badge
Coat

Skiing

Perhaps all those women were also aware that "skiing" is yet another sexual practice and your attempt to excuse your poorly judged vocal ejaculations simply slipped you deeper into bad boy territory.

OK, I think it's time I got my coat...the one with Roger's Profanisaurus in the pocket, thanks...

2
0

'Everywhere I look ... it's bad': HP claims email shows Autonomy CFO panic, pre-buyout

Paul Crawford
Silver badge

Re: Doesn't show much confidence that they have a case

That bit about "...weigh the evidence against HP's officers to determine whether the condition of the settlement that would indemnify them against charges of wrongdoing would be fair for shareholders" says a lot in my mind.

As you say, if they are so damn sure of fraud why no action before any shareholder settlement? Get the facts out in court and then deal with it.

2
0

What could possibly go wrong? Banks could provide ID assurance for Gov.UK – report

Paul Crawford
Silver badge

Out of cheese error

So gov to use banks to verify individuals' identity for issuing passports, driving licences, etc..

Banks use data like passports, driving licence, etc, to verify users when signing up.

A small circular problem?

20
0

Car makers, space craft manufacturers infected with targeted recon tool

Paul Crawford
Silver badge

Re: IE involved, again...

"How does it help the intended victims? OK they avoid software company X (possibly to the extent of that company going out of business), but the real issue"

That is not what I meant as quite certainly company X has already cleaned its servers up.

The point is if you have been on company X's site then you might want to look more carefully at your own security!

0
0
Paul Crawford
Silver badge

IE involved, again...

From the link in the article:

"The attackers were able to compromise the website and include code that loaded a malicious Javascript file from a remote server. This Javascript file is a framework for reconnaissance that the attackers call "Scanbox" and includes some of the techniques we described in a previous blog post: Attackers abusing Internet Explorer to enumerate software and detect security products"

Perhaps the bigger news was the compromising of the engineering software company's web site in the first place. But they fail to say *who* that was, which might help other folk know if they might be exposed or not.

3
1

Facebook to let stalkers unearth buried posts with mobe search

Paul Crawford
Silver badge

"old posts on the free content ad network"

"content-free user-whoring network"

Fixed it for you...

5
3

Boiling point: Tech and the perfect cuppa

Paul Crawford
Silver badge

Re: accidents waiting to happen

My thoughts exactly - way too easy for a child, elderly, distracted person to scald themselves badly by using the wrong tap.

Also why no mention of the cheaper stand-alone sort of hot water boilers? At least they don't look like a sink tap and are more reasonably priced (still in the £100-500 range AFAIK).

0
0

Too slow with that iPhone refresh, Apple: Android is GOBBLING up US mobile market

Paul Crawford
Silver badge

Re: Italy?

MS made them an offer they couldn't refuse?

3
1

KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION

Paul Crawford
Silver badge

Re: if the malware does indeed encrypt everything in sight

Not all backup systems present the "backup" as files on the regular file system.

How about rsync to a remote system that has no obvious log-in? Said system could also have features like file system snap-shots so you could roll-back even if said remote file system is deleted/encrypted.

2
0

Mozilla's 'Tiles' ads debut in new Firefox nightlies

Paul Crawford
Silver badge

Public key pinning?

It appears that web sites will be using some HTTP extension to declare by whom their SSL certificate should be issued, but surely in a MITM attack you would just advertise the 'other' compromised issuer used for the web-access morphing attack?

Have I missed something here?

I applaud the attempt to deal with the mess that is SSL issuing, but it seems to need far more than that to deal with a well-executed MITM attack (along the lines of noticing cert changes and validating with several geographically/politically separate entities that such a change is correct).

2
0