Feeds

* Posts by Paul Crawford

1610 posts • joined 15 Mar 2007

Microsoft hooks up with AT&T, gazes into YOUR data center

Paul Crawford
Silver badge
Black Helicopters

No thanks

Outside the USA and going to put data in the hands of AT&T & MS, both who seemed happy to turn over everything to the NSA?

Yes, I know they probably have no legal choice in the matter, but was PRISM not a paid-for arrangement to make the process nicer and maybe even profitable?

Closest to a tinfoil hat icon =>

2
0

Google smacks Surface with free Quickoffice for Android, iOS

Paul Crawford
Silver badge

Re: Didn't Microsoft kill off a better browser by giving away an inferior one?

Almost - they killed its financial viability and locked lots of corporations in to a now-regretted dependency on IE5/IE6 which even MS can't/won't port, even as 2nd class application, to later versions of Windows.

But Netscape's legacy is still around as Firefox, and doing not too badly.

4
0
Paul Crawford
Silver badge

New?

Depends, many older options did not work very well, maybe Quickoffice will work to a "good enough" standard?

Still, has MS not been in "protect Windows cash-cow at all costs" mode the last few years, it could have make Office properly available on IOS (at least) and Android and seen much more sales. Oh, and saved 1B$ in write-down on the unloved WinRT fondlslabs...

0
0

Oracle revenues miss expectations – AGAIN

Paul Crawford
Silver badge

Re: SPARC hardware

Citation?

0
0

Leaked docs: NSA 'Follow the money' team slurped BANK records, CREDIT CARD data

Paul Crawford
Silver badge

Re: Hmmmm....

There are many ways to decrypt a message that do not involve "breaking" the cypher.

As already pointed out: hacking in before it is encrypted, using you 'influence' to get a copy of the key(s), compromising the key/certificate generation software, compromising a closed-source implementation so it leaks information that you have the key to make use of...

4
0

Meet the Unmagnificent Seven: The critical holes plugged in Firefox update

Paul Crawford
Silver badge

Re: Linux anyone?

I use Linux and recommend it to friends/family, but I never tell them it is "safe". You have to always be careful and never, ever, assume the machine is immune.

On a side point, most distros disable the apparmor profile for firefox - that is a dubious step to allow easier file down/up load from a non-default directory. If you are very serious about security you should enable it to sandbox the browser.

Oh, and if really serious, us another account for dubious browsing, maybe a 3rd for very important browsing. And change the /home/* directories to remove 'other' access.

4
0

You thought slinging Photoshop into the cloud would fail? Look who's laughing NOW

Paul Crawford
Silver badge

Re: The real reason for the laughing

You have to wonder how much money would be needed to rectify the issues with having an acceptable alternative to some of these packages. Get a few hundred users together, get them to contribute 1/2 the current fees each and see if that would pay some competent folk to implement the necessary code changes to GIMP, etc...

0
0

One year to go: Can Scotland really declare gov IT independence?

Paul Crawford
Silver badge

Re: Sigint capability

You are forgetting the likelihood that our puritanical overloards would be quite interested in spying on our activities. Look at how they enacted pr0n+ laws that tried, and in cases, succeeded in going beyond the stupid UK-wide changes that made drawing a dick on Bart Simpson a potential jail-and-sex-register crime.

3
2

Redmond slips out temporary emergency fix for IE 0-day

Paul Crawford
Silver badge

Re: But why?

Corporate drones - they have no choice but to use the IT department's image.

Corporations that have screwed up IE6/7 only internal systems, where the users have to use IE and it becomes a dirty (or enforced) habit on t'Internet as well.

5
0

Microsoft no longer a top Linux kernel contributor

Paul Crawford
Silver badge

Re: @M Gale

Today you are only likely to worry about kernel size for embedded applications, and there you probably are going to roll a customised kernel with just what you need.

As you say, Windows has a lot of micro-kernel like aspects, but still has become bloated and need rebooting for way too many patches. Most of the bloat is probably not 'kernel' in the classic sense, but it is an issue for smaller devices like phones & fondleslabs.

And it misses the point - if going microkernel you really would be doing it primarily for security and fault tolerance/recovery, so you need a _VERY_ minimal 'kernel' and everything else as user-space modules.

2
0
Paul Crawford
Silver badge

Re: Otherwise it'll become bitrotten

Now then, where do I buy some new hardware to natively run my ZX81 games?

Or why can't I get this NT4 driver for my old SCSI scanner to play with Windows8?

4
0
Paul Crawford
Silver badge

Re: at this rate

There are a lot of good reasons for going microkernel in terms of security (even "binary blob" drivers get ring-fenced access) and in-memory footprint (only in-use drivers need be loaded).

But...usually performance hit of going in/out of ring 0 for every driver/file system action means it gets side-lined, and few have the stomach for trying to compete with Linux/Windows (even BDS) for developer attention.

2
0

Cloud storage: Is the convenience worth the extra expense?

Paul Crawford
Silver badge

Re: Total loss of control.

This is a valid point, but one solution is along the lines of Nate's post above you - have your own managed server with encrypted storage that you alone have the key. For storage/backup only you don't even need the physical server to be isolated, as you can encrypt-on-write at the client machine(s).

Of course, that is not going to stop a court order for access, but at least they have to deal with your own country's laws which, in theory, you have a democratic input to. That is very different to any foreign host where you can expect a different treatment even to the locals.

And as Trevor points out, you still need a local copy in case the provider has gone badly wrong or is holding your data hostage with usurious fees to migrate your data to another provider...

4
0

Angry Brazilian whacks NASA to put a stop to ... er, the NSA

Paul Crawford
Silver badge

NASA security

This probably covers it:

http://xkcd.com/932/

NASA has a lot of public-facing low-importance web sites that don't get maintained/updated for years. I'm surprised this is not more common really.

1
0

Cold-blooded, INHUMAN visitor hitches ride on NASA moon rocket

Paul Crawford
Silver badge
Unhappy

Re: Communicating with the rocket via Kermit?

Damn, I forgot I was that old

0
0
Paul Crawford
Silver badge
Trollface

Re: Mais attendez!

Try your local Tesco for burgers.

0
0

Chap unrolls 'USB condom' to protect against viruses

Paul Crawford
Silver badge
Trollface

Re: USB condom?

Do you have a bigger one for me?

0
1
Paul Crawford
Silver badge

Re: Beware cheap cables?

Ah, the joys of Windows' autorun? First thing (well, almost) you should do is this:

http://support.microsoft.com/kb/967715

And just go for the 0xFF hack to disable EVERYTHING that could autorun.

Still, if the cable identifies itself as something known (e.g. a mouse) then Windows will still install a driver for it without asking for your consent, and it is conceivable that a USB keyboard-like device could be used to inject commands to a system at some point. That sort of attack would also work on Linux, etc, but the attacker would have to know what system it was to successively inject badness.

3
0

Box morphs into Google Docs competitor

Paul Crawford
Silver badge

Client side encryption?

Really, if they want to survive outside of the USA, and are competing with MS & Google, they need something special.

Having an open-sourced encryption layer that ensures that only those with the private password can (easily) decrypt the server-side data would be something worth having.

Yes, I know there are lots of ways to compromise that, obviously if you are using a compromised OS, but privacy by design would be a decent selling point.

1
0

City of Munich throws Ubuntu lifeline to Windows XP holdouts

Paul Crawford
Silver badge

Re: I bet a lot more people would switch if...

AFIK the default installation will dual-boot with XP.

Only fly in that ointment is occasional rogue Windows DRM-style program that would write to the boot sector area assuming only the MBR is used and trash the grub loader. That may be fixed now (saw that 3-4 years ago).

2
1
Paul Crawford
Silver badge

Re: Half measures

They are also telling they are on their own if they don't switch...

16
0
Paul Crawford
Silver badge

Re: How does this help?

It helps simply by giving those folk the idea that (A) the current XP support will end soon, and (B) they can do *something* about it for free (as in money, not in time).

The alternative is to either let them be and watch as all of those machines become infested and cause all sorts of problems to the users and local business, or to force them to pay up for new machines that will probably not run a decent portion of old stuff / old hardware, and will have the radically new TIFKAM interface in any case.

There is no simple answer to what to do if you don't have a big budget to refresh and retrain users. Trying Ubuntu (or getting the local tech person to help you try it) is way better than doing nothing.

4
4

One day we'll look back and say this was the end of the software platform

Paul Crawford
Silver badge

History repeating

There is an irony that Android's success comes from being cheap and "good enough" for a generation brought up with the low expectations of a (non-technical users) Windows PC's reliability and longevity. After all, that is largely how MS succeeded over other, and technically better, platforms to achieve Windows' current desktop dominance.

It will be interesting to see if MS can move away from the "Windows + Office" cash cow and deliver products that users want to have, and not to use said products to push only MS' legacy profit centres.

15
1

IETF floats plan to PRISM-proof the Internet

Paul Crawford
Silver badge

Re: Ho Hum.

No one is, or should be, surprised that GCHQ/NSA/etc break codes and spy on people. That is, after all their job, and the other side (e.g. China) will do the same.

What people are, and rightly should be, upset about is the presumption that everyone is a criminal and should have all of their activity recorded, decrypted and analysed "because they can".

It goes far beyond what most folk consider is acceptable under the usual police requirement of justifiable suspicion. Add in to that the secretive and rather despotic use of orders that you can do jail time for simply revealing that you have been ordered to do something, and the apparent lack of meaningful judicial oversight or even political knowledge outside of a select few, and it is a very wrong situation for society to find itself in.

We don't need unbreakable encryption or other silver bullets, all we need is widely used non-compromised encryption that means it is not trivial to gather everything about everyone you unless you are already under suspicion, rather like the old days when an agent had to be posted to watch you and resources limited that to the "most interesting" of all.

0
0

Startup claims 1W wireless charging at 10 metres

Paul Crawford
Silver badge

Re: Imagine a Starbucks with one of these in the ceiling

Yes...and this business of a 'safe' limit of 10mW/cm^2 sounds a bit forgotten as I doubt an iPhone is 100cm^2 of perfect antenna and conversion electronics to get 1W.

2
0

Pair of complete tits sorry for pervy app

Paul Crawford
Silver badge
Trollface

Re: Swings both ways

Beat me to it. I was going to suggest a jockstrap

0
0

Enterprise storage: A history of paper, rust and flash silicon

Paul Crawford
Silver badge

Optical storage

AFIK when the CD-ROM came out the ~650MB capacity (not writable, at that point) was way bigger than the ~20MB consumer-cost HDD of the day, but after a few years was overtaken by HDD progress.

DVDs were useful for archive for a while. At launch they were comparable to HDD size, but now 4.7GB hardly seems much at all!

And let us not forget the laser disk, not digital as such, but fantastically better then VHS at the time, and they did attempt boldly to use it as an archive store:

http://en.wikipedia.org/wiki/BBC_Domesday_Project

0
0

That earth-shattering NSA crypto-cracking: Have spooks smashed RC4?

Paul Crawford
Silver badge

Or the recent cases of Visa/Mastercard refusing to deal with certain VPN suppliers. Like the ones who maybe don't play ball with the USA and/or implement more secure options than the piss-poor PPPT?

http://torrentfreak.com/paysafecard-begins-banning-vpn-providers-130825/

4
0
Paul Crawford
Silver badge

Re: Huawei et al. are looking a lot better

No, it is not making Huawei, etc, look much better as they are almost certainly doing the same as Cisco but for the Chinese.

What it should be doing is drawing the attention of nations to the fact that closed/secret designs are likely to have issues of trust. Or incompetence. In fact, the latter is just as big a threat to most folk.

4
0

OK, forget the 3D telly fiasco: 4K is gonna blow you away - say tech giants

Paul Crawford
Silver badge

4k benifits?

I kind of want 4k to succeed, not because it will make much difference to me TV viewing, but maybe it will put an end to the sh*t laptop monitor resolutions we have these days.

15
0

Reports: NSA has compromised most internet encryption

Paul Crawford
Silver badge

Re: @AC

The whole point about SElinux (or apparmor, for that matter) is to deal with the problem of internal trust between processes that run with root privileges, or (like web browser or PDF reader) are likely attack routes. That is a big problem in ANY computer system. It is open sourced, so you or anyone else can check it!

Like the fools who say AES is back-doored because the US use it, it completely misses the point. They want good security for themselves and US gov, as much as they want to break others, as they know Russia, China, etc will be doing the same in return.

1
0
Paul Crawford
Silver badge

Re: Such a surprise?

"Not the *whole* concept."

No, not the certificate system at a basic level, but the fact there are so many signing authorities that are installed and trusted by default by most web browsers and their users.

There is a need to, somehow, verify that certificates for a given domain are not duplicated or otherwise certified by another issuer and that any changes are flagged and investigated.

However, this last part (which, for example, is the bit where SSH can reveal an attempted MITM attack or, more often, a re-installed server) is fundamentally broken with all non-paranoid geeks who just see a warning pop up and click "yes, whatever" to see more cat videos.

2
0
Paul Crawford
Silver badge
Unhappy

Such a surprise?

For those with a good range of metallic headgear, this should come as no big surprise. After all, few bank robberies actually break the safe door, they either get the keys (by bribery or coercion) or they go in via the walls that are weaker.

It has long been known that the whole concept of SSL is fundamentally broken: compromise any one of the ~600 issuers and you can fake a certificate for man-in-the-middle attacks, and yet no one has serious tried to fix this in spite of the occasional publicised attack.

Similarly a lot of VPNs use only PPPT as it is MS's favoured option, though known to be also fundamentally broken w.r.t MITM attacks, etc.

And with MS being on such good terms with the US gov it is hard to avoid the conclusion that they would work with three-lettered agencies to either allow direct access, or not to close useful holes unless the "bad guys" start using them. Why are the likes of skydrive (and Google's offerings) not client-side encrypted by default? Maybe laziness, maybe to help? Who knows, so adjust your hats accordingly...

None if this means that encryption is not a good way of protecting your privacy, it is. But what it means is you cannot trust most of the current players that should be delivering it to be acting in the interest of you, the customer.

25
0

Panasonic whips out MONSTER fondleslab for serious S&M sessions

Paul Crawford
Silver badge

Pros & Cons

On the plus side, we have a device that has a decent screen resolution at last!

On the minus side way to expensive.

I can't see CAD folk using this without a mouse and keyboard, in which case it is not really that attractive compared to a powerful desktop with 2 * 30" monitors, which is about the same price.

2
1

Microsoft, Nokia and the sound of colliding garbage trucks

Paul Crawford
Silver badge

@LDS

Remember MS are as much a part of PRISM as Google.

And the issue there is not that they were complying with court-ordered access (as in the "Nuremberg defence") , but that they went out of their way to assist in the gather of such data as part of a paid program...

2
0

Furious Frenchies tell Apple to bubble off: Bling iPhone isn't 'champagne'

Paul Crawford
Silver badge

oenophiles had their wicked way

Oh yes baby!

0
0

'Anonymous' to Reg hack: We know SEA leaders' names

Paul Crawford
Silver badge

Maybe, just maybe, they could hire and empower some smart folk to properly secure their systems and BOFH-enforce good practice on their employees' use of passwords, etc, so they don't get hacked so often?

Deal with the problem (badly secured system), not the symptoms (Anonymous, etc, posting goatsee images for fun, etc).

3
0

Boffins follow TOR breadcrumbs to identify users

Paul Crawford
Silver badge

Re: Anonymity

>Did anyone really think that anonymity Tor could be guaranteed?

I suspect even for gov-level snooping (maybe less so for pan-gov like USA/UK/CAN/NZ sort of thing) and for its intended job of the occasional spy/oppressed activist message it is good enough. But not for users who route a lot of traffic through it, which is the key to this discovery.

And WTF routing bittorrent through it? Not only is that going to give your game away much more, it is a serious abuse of the network and going to be real slow. Really, such folk should be using a VPN for that sort of thing.

12
0

HTC trio suspected of pilfering design IP

Paul Crawford
Silver badge

Was this valuable IP?

"downloading info on the new Sense 6.0 UI"

Strewth, as our antipodean cousins are alleged to say, why pilfer something that is hardly worth the time of day? Maybe these jokers at the top of HTC and that sense of priority partly explains why the phones have sucked for so long.

2
2

Microsoft cedes board seat to activist investor

Paul Crawford
Silver badge

Re: So less than 1% of stock will get you a seat on the board?

I suspect a break-up and profit maximise route will be taken.

I am not sure how to react to that as I have no love lost for MS. On the one hand, MS employees should be worried, on the other, breaking up MS in to 4 or so separate businesses could be the best thing for MS, its users, and the competition as each would have the incentive to do the best for its customers, and not to leverage sales/lock-in for any other business unit. For example:

Windows (both home & server)

IE and Office (eventually to make them properly multi-platform and totally independent of Windows)

Bing and Azure

Xbox and consumer trivia

Development & management tools for Windows.

5
1

Indian government to bar politicians from using Gmail for official business

Paul Crawford
Silver badge

Re: They were using Gmail?

Quite. From a national security point of view, and an audit point of view it is mind-bogglingly dumb, and something that almost defies sense. At least for el Reg readers who understand a bit about Gmail, Office365, etc, policies.

But here in the west a lot of organisations use either Gmail or Office365 as their provider, and the likes of BT outsourced to Yahoo. Us tech folk pointed out a whole host of issues, and upper management ignored them for reasons of cost and convenience (actually the "convenience" aspect is often about internal IT policy & cast as well).

And that is without having to deal with the crushing bureaucracy in India. That should not be dismissed as a racist or xenophobic comment by the way, as my Indian friends and business contacts would tell you the same :(

1
1

Punter strikes back at cold callers - by charging THEM to call HIM

Paul Crawford
Silver badge
Trollface

Informing of costs?

What, you mean that Ofcom and the telecoms industry has not organised phone numbers so the prefix can be parsed simply to tell you the cost?

20
0

Quantum crypto nearly ready to go mobile

Paul Crawford
Silver badge

What is the application for this?

I mean, what real use is an uber-secure link to a smartphone that is likely to get lost and/or otherwise compromised by being basically a consumer-grade machine with (in most cases) damn-all in the way of regular security patches?

Put it another way, how often is the maths of https broken (as opposed to some dumb certificate issue) compared to Trojans or other hacks being deployed to end user's computing devices to achieve the same thing?

So full marks for ingenuity, but I am still kind of wondering who and what this will be used for in practice.

0
0

Boffins' keyboard ELECTROCUTES Facebook addicts

Paul Crawford
Silver badge
Thumb Up

@LazyLazyman

Well played sir!

0
0
Paul Crawford
Silver badge
Gimp

Other usage?

So I am guessing there is a version for fetlife that makes it more addictive?

1
0

Nissan promises to sell self-driving cars by 2020

Paul Crawford
Silver badge

Re: Insurance?

Not just insurance, but also system support. What happens in 6 years when your Whizo Mk3 is not supported any more? Will it be a bit like aircraft (where it is illegal to use it for commercial use) and so force it to be scrapped?

Also will you have to get it serviced to aircraft-standards (and presumably cost) as so much of the system is safety-critical and you will find it illegal/uninsurable without that? Will the cars simply refuse to work if they are not up to schedule on this?

While I can see the safety benefits from eliminating morons, I can also see cars becoming a lot more expensive to maintain.

1
0

Microsoft Xbox One to be powered by ginormous system-on-chip

Paul Crawford
Silver badge
Coat

Re: " tweaked by Microsoft to within an inch of its life"

Why did I read that as "twerked by Microsoft to within an inch of her life"?

Mine is the dirty mac(OS) ->

4
4

NASA: Full details on our manned ASTEROID SNATCH mission

Paul Crawford
Silver badge

Re: Powerpoint mission...

Expensive over many years? Yes. But compare with the 1-year budgets of others for perspective:

Defence (including State, Homeland Security and Veterans Affairs) - $618 billion.

Health and Human Services - $78.3 billion.

Education - $71.2 billion.

Housing and Urban Development - $33.1 billion.

Energy - $28.4 billion.

Agriculture - $21.5 billion.

6
2

Oracle launches paid support for 'free' NoSQL database

Paul Crawford
Silver badge

Re: Clever

Also to add to the debate around the GPL, you do realise that you can still charge for software under the GPL?

http://www.gnu.org/licenses/gpl-faq.html#DoesTheGPLAllowMoney

Of course, the requirement to distribute to source code with any binary may still not work for your type of application (you have not said what that is, and posted as AC there is no obvious way to find out) but for big range of application areas where the customer is moderately trustworthy this can be an advantage in completing a sale.

1
1